4ff20c767934c4d457628c7908cf6e2cea9da09b79a9d10afd299794fb68714a | Triage

Analysis

max time kernel
26s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 10:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4ff20c767934c4d457628c7908cf6e2cea9da09b79a9d10afd299794fb68714a.dll
Size

3KB
MD5

be8b9b9573d1cc8a4e6edb0a7e1128d0
SHA1

592825833f093aecd7cb4142985fa8078c8e076b
SHA256

4ff20c767934c4d457628c7908cf6e2cea9da09b79a9d10afd299794fb68714a
SHA512

d49383990af602d2488733ca6ae043d05448d4d66e75cd9b006fecda682f15fa7078400b496cf1db53b266e5f9d4634eb85a9e9746b66c561008f8adab96e300

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 1584	1516	rundll32.exe	28
PID 1516 wrote to memory of 1584	1516	rundll32.exe	28
PID 1516 wrote to memory of 1584	1516	rundll32.exe	28
PID 1516 wrote to memory of 1584	1516	rundll32.exe	28
PID 1516 wrote to memory of 1584	1516	rundll32.exe	28
PID 1516 wrote to memory of 1584	1516	rundll32.exe	28
PID 1516 wrote to memory of 1584	1516	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ff20c767934c4d457628c7908cf6e2cea9da09b79a9d10afd299794fb68714a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ff20c767934c4d457628c7908cf6e2cea9da09b79a9d10afd299794fb68714a.dll,#1
  2⤵
  PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1584-55-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download