d9b44d8e765a89845358eb3b562367d15564554db0fbbce1e976386bc9207993 | Triage

Analysis

max time kernel
9s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 18:23

Sharing

Report Analysis Logs

General

Target

d9b44d8e765a89845358eb3b562367d15564554db0fbbce1e976386bc9207993.dll
Size

3KB
MD5

0f3a3d6a93049d9337d91d47e5b8c720
SHA1

97db19f579645b25fb4a9d7479f3dc867c7e30fc
SHA256

d9b44d8e765a89845358eb3b562367d15564554db0fbbce1e976386bc9207993
SHA512

61b8f2d4680022453f680a82c714db9eb364ecfc83e3f2f9436c279fe6b1767ad5d590a76bcaf4b5a4e0f65b8937d08b7cd4e7d51671842986257a2d2bb41021

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 948	1216	rundll32.exe	28
PID 1216 wrote to memory of 948	1216	rundll32.exe	28
PID 1216 wrote to memory of 948	1216	rundll32.exe	28
PID 1216 wrote to memory of 948	1216	rundll32.exe	28
PID 1216 wrote to memory of 948	1216	rundll32.exe	28
PID 1216 wrote to memory of 948	1216	rundll32.exe	28
PID 1216 wrote to memory of 948	1216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9b44d8e765a89845358eb3b562367d15564554db0fbbce1e976386bc9207993.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9b44d8e765a89845358eb3b562367d15564554db0fbbce1e976386bc9207993.dll,#1
  2⤵
  PID:948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/948-54-0x0000000000000000-mapping.dmp

Download
memory/948-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download