71f987d62d3d61cd89123f4df899e5322f6ae3b6100c41c6dbefb1de7a835b29 | Triage

Analysis

max time kernel
231s
max time network
337s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 22:55

Sharing

Report Analysis Logs

General

Target

71f987d62d3d61cd89123f4df899e5322f6ae3b6100c41c6dbefb1de7a835b29.dll
Size

3KB
MD5

0e43072e24048e4b094452ebb9e6f970
SHA1

5c0dcaae2d82ed3f9e39aa410467b16bfddcd153
SHA256

71f987d62d3d61cd89123f4df899e5322f6ae3b6100c41c6dbefb1de7a835b29
SHA512

67c29a3b9b063ffcd4f665ee849d7677b9f17deac81171b18dda678aec6ac14e246b0ea3b10cfb63a9535ff898475d85e0f034fd94b4a2dd9fee737aae43700c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 520 wrote to memory of 1292	520	rundll32.exe	28
PID 520 wrote to memory of 1292	520	rundll32.exe	28
PID 520 wrote to memory of 1292	520	rundll32.exe	28
PID 520 wrote to memory of 1292	520	rundll32.exe	28
PID 520 wrote to memory of 1292	520	rundll32.exe	28
PID 520 wrote to memory of 1292	520	rundll32.exe	28
PID 520 wrote to memory of 1292	520	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71f987d62d3d61cd89123f4df899e5322f6ae3b6100c41c6dbefb1de7a835b29.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\71f987d62d3d61cd89123f4df899e5322f6ae3b6100c41c6dbefb1de7a835b29.dll,#1
  2⤵
  PID:1292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-55-0x0000000075671000-0x0000000075673000-memory.dmp

Filesize
8KB

Download