df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:27

Sharing

Report Analysis Logs

General

Target

df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e.dll
Size

3KB
MD5

0e792491b37a504d87155551b011a960
SHA1

7ec465bf31e5a651bac4baef3c938b29af5615a0
SHA256

df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e
SHA512

c022d7862f02dc227fc4f13320d801cb7fbe71f527cca57af2eb3e04c8eb1944841bf97104cebbf66ac97169c100ecdef8c8dad7f5e65f576eed6fa49f3b572e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e.dll,#1
  2⤵
  PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download