9b13587640b01d6c510185b60d0824d65429fbfc4f524aec3d327679bf26e588 | Triage

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 23:29

Sharing

Report Analysis Logs

General

Target

9b13587640b01d6c510185b60d0824d65429fbfc4f524aec3d327679bf26e588.dll
Size

3KB
MD5

db71ccdbd2f6129409d79d1911e28c40
SHA1

9613c47aef07e89f63e6c6006e8d4b8681dc3e3c
SHA256

9b13587640b01d6c510185b60d0824d65429fbfc4f524aec3d327679bf26e588
SHA512

e53c82fca50deefe81d07ac87a84e7c75efde64bb91a7a1026c08329c798f616b0f42c8b75cb1667312f4b0b015254bbb15577efbce9f1b5a24b4b9f065aeda7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27
PID 1324 wrote to memory of 1352	1324	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b13587640b01d6c510185b60d0824d65429fbfc4f524aec3d327679bf26e588.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b13587640b01d6c510185b60d0824d65429fbfc4f524aec3d327679bf26e588.dll,#1
  2⤵
  PID:1352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1352-55-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download