aace02de60babba0c81f634dcbb5e45e7b6170ec69c154398cd597c20963b831 | Triage

Analysis

max time kernel
39s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:35

Sharing

Report Analysis Logs

General

Target

aace02de60babba0c81f634dcbb5e45e7b6170ec69c154398cd597c20963b831.dll
Size

3KB
MD5

93ee10381065b527e3041ac5b81eda40
SHA1

c1ba3e0bd1114f11a8b7865364fd735c0ecea620
SHA256

aace02de60babba0c81f634dcbb5e45e7b6170ec69c154398cd597c20963b831
SHA512

86f6b19389e8a4a7c2aab9c1008ba128e09e4d0ba153436560d36f334958ea9afed8df392f8dfb4b473909d4e9cd57c902bfbc804aad6e810b50386c6fdac971

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aace02de60babba0c81f634dcbb5e45e7b6170ec69c154398cd597c20963b831.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aace02de60babba0c81f634dcbb5e45e7b6170ec69c154398cd597c20963b831.dll,#1
  2⤵
  PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-55-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download