d215ff5320f41c4d684ab618364b8d4094af5c9bfd42ba826451696b32876336 | Triage

Analysis

max time kernel
57s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:34

Sharing

Report Analysis Logs

General

Target

d215ff5320f41c4d684ab618364b8d4094af5c9bfd42ba826451696b32876336.dll
Size

3KB
MD5

d292ce0d451574440cc7fe388df81680
SHA1

6bd6786235f05bf4d81a7cb5dc4084a0df091d98
SHA256

d215ff5320f41c4d684ab618364b8d4094af5c9bfd42ba826451696b32876336
SHA512

ac00a3070c1c23261822531be2c27f506a54ee975fcf33e40759d0528fedcfd97d7202f75ad2bacd7484ba940e5abd3519b25d38719bff15634e337fecf8166f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d215ff5320f41c4d684ab618364b8d4094af5c9bfd42ba826451696b32876336.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d215ff5320f41c4d684ab618364b8d4094af5c9bfd42ba826451696b32876336.dll,#1
  2⤵
  PID:296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/296-55-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download