ba7b16d15e0550e802b7f1b9d57789b6177edb57b2302a8edb0c5dcedbf5133c | Triage

Analysis

max time kernel
3s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 11:03

Sharing

Report Analysis Logs

General

Target

ba7b16d15e0550e802b7f1b9d57789b6177edb57b2302a8edb0c5dcedbf5133c.dll
Size

3KB
MD5

14619c3bd601aef64610289e39e33920
SHA1

21cc151a4405f28f67645ac81b21ce327570a539
SHA256

ba7b16d15e0550e802b7f1b9d57789b6177edb57b2302a8edb0c5dcedbf5133c
SHA512

8fb8bba982ec96b706b0d51f03e3801da829abb2602877d77b8fbe3e95962c40971e7768787526f6a80f466c066024351adf64490872eb9ee0f3981444331423

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 1744	1564	rundll32.exe	28
PID 1564 wrote to memory of 1744	1564	rundll32.exe	28
PID 1564 wrote to memory of 1744	1564	rundll32.exe	28
PID 1564 wrote to memory of 1744	1564	rundll32.exe	28
PID 1564 wrote to memory of 1744	1564	rundll32.exe	28
PID 1564 wrote to memory of 1744	1564	rundll32.exe	28
PID 1564 wrote to memory of 1744	1564	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba7b16d15e0550e802b7f1b9d57789b6177edb57b2302a8edb0c5dcedbf5133c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba7b16d15e0550e802b7f1b9d57789b6177edb57b2302a8edb0c5dcedbf5133c.dll,#1
  2⤵
  PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-55-0x0000000075611000-0x0000000075613000-memory.dmp

Filesize
8KB

Download