b1cb6a68f6a199727b77d4567c0c4a54edce7378cf4f0cca023246d63ad90e64 | Triage

Analysis

max time kernel
233s
max time network
335s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 07:14

Sharing

Report Analysis Logs

General

Target

b1cb6a68f6a199727b77d4567c0c4a54edce7378cf4f0cca023246d63ad90e64.dll
Size

3KB
MD5

7d45426c39b82ed1b5799846225a9284
SHA1

d1ee2170d66447df40544bdc7857de748c2b2694
SHA256

b1cb6a68f6a199727b77d4567c0c4a54edce7378cf4f0cca023246d63ad90e64
SHA512

c3fa63ab9b16ff57fa45399208b953653a4f0cfd85b4834d70a68d71bfc48279a816fc9a1f6094f49bff7f3ddf07dcd3bc8dda07da40e28096ad8efa36692819

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 1856	1492	rundll32.exe	28
PID 1492 wrote to memory of 1856	1492	rundll32.exe	28
PID 1492 wrote to memory of 1856	1492	rundll32.exe	28
PID 1492 wrote to memory of 1856	1492	rundll32.exe	28
PID 1492 wrote to memory of 1856	1492	rundll32.exe	28
PID 1492 wrote to memory of 1856	1492	rundll32.exe	28
PID 1492 wrote to memory of 1856	1492	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1cb6a68f6a199727b77d4567c0c4a54edce7378cf4f0cca023246d63ad90e64.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1cb6a68f6a199727b77d4567c0c4a54edce7378cf4f0cca023246d63ad90e64.dll,#1
  2⤵
  PID:1856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1856-54-0x0000000000000000-mapping.dmp

Download
memory/1856-55-0x0000000076391000-0x0000000076393000-memory.dmp

Filesize
8KB

Download
memory/1856-56-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download
memory/1856-57-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download
memory/1856-58-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download