d0fee882c6910cec59a84233db9665dd1f32ffc88f4aacad2b43d2c1822baaae | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 12:35

Sharing

Report Analysis Logs

General

Target

d0fee882c6910cec59a84233db9665dd1f32ffc88f4aacad2b43d2c1822baaae.dll
Size

4KB
MD5

00388b53c607d15dabc1cb9bba3446f0
SHA1

414495be3bf8bf7649c283cab810ab9e19b69141
SHA256

d0fee882c6910cec59a84233db9665dd1f32ffc88f4aacad2b43d2c1822baaae
SHA512

bf449ad1397cacf8a0e9c9d245df128b38271fa1ad3a3653122f40ca827136219845884ed0c7f7fb990047d4cfce95368ea8b8255fe4d6743612346cffef5a07

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0fee882c6910cec59a84233db9665dd1f32ffc88f4aacad2b43d2c1822baaae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0fee882c6910cec59a84233db9665dd1f32ffc88f4aacad2b43d2c1822baaae.dll,#1
  2⤵
  PID:1928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1928-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download