014b33b23587ffae26b1ac35fa7cc0c96629597e36fe03c51bfc9c280570cbb2 | Triage

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 23:22

Sharing

Report Analysis Logs

General

Target

014b33b23587ffae26b1ac35fa7cc0c96629597e36fe03c51bfc9c280570cbb2.dll
Size

4KB
MD5

154048116ae352ada13ad2ada4f4fad0
SHA1

5f3d3e94d687ed0d5f2475395917f78f1e382cef
SHA256

014b33b23587ffae26b1ac35fa7cc0c96629597e36fe03c51bfc9c280570cbb2
SHA512

fe8ee8cad8d3a1078cd769989322bca244bcc25abb86590198c889f304a6197f8f04ae71fa7acefcbc42cc164ed5b1ea09c869f8fa5a71ebf12e5b354a859d95

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\014b33b23587ffae26b1ac35fa7cc0c96629597e36fe03c51bfc9c280570cbb2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\014b33b23587ffae26b1ac35fa7cc0c96629597e36fe03c51bfc9c280570cbb2.dll,#1
  2⤵
  PID:1488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1488-55-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download