0b1f6785ac83045be11c2fd989f2f202bbd69064cc2743268ef7331ddcde247f | Triage

Analysis

max time kernel
44s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b1f6785ac83045be11c2fd989f2f202bbd69064cc2743268ef7331ddcde247f.dll
Size

3KB
MD5

800b520862cdb325058a7085cdcedb80
SHA1

080d3d40fbe6467c3e7f38d2aeb57ec00375b146
SHA256

0b1f6785ac83045be11c2fd989f2f202bbd69064cc2743268ef7331ddcde247f
SHA512

cef9d8bd6df34d952397f682f925d58dc940a80edb8e1a0eec4af4818fe2fea672152630595ca7b724eeebfc40c5e49f50f0d7933fb4fffd9c5a6cfe67757ddc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 1676	1092	rundll32.exe	27
PID 1092 wrote to memory of 1676	1092	rundll32.exe	27
PID 1092 wrote to memory of 1676	1092	rundll32.exe	27
PID 1092 wrote to memory of 1676	1092	rundll32.exe	27
PID 1092 wrote to memory of 1676	1092	rundll32.exe	27
PID 1092 wrote to memory of 1676	1092	rundll32.exe	27
PID 1092 wrote to memory of 1676	1092	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b1f6785ac83045be11c2fd989f2f202bbd69064cc2743268ef7331ddcde247f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b1f6785ac83045be11c2fd989f2f202bbd69064cc2743268ef7331ddcde247f.dll,#1
  2⤵
  PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1676-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download