cf495c11b4449cc95045291dd10125cdcc73dec84ead0c66e0617f57b258a22b | Triage

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 18:23

Sharing

Report Analysis Logs

General

Target

cf495c11b4449cc95045291dd10125cdcc73dec84ead0c66e0617f57b258a22b.dll
Size

3KB
MD5

9f1137ea2e106aad103ff4735c68578f
SHA1

5e7d502e921b50e6427dc88f9d2f53ca4393eaa3
SHA256

cf495c11b4449cc95045291dd10125cdcc73dec84ead0c66e0617f57b258a22b
SHA512

9590fa7e981cde02a754934041054c2b86f006bafa2e30e4fa8213bf201b279cce5867f16c6236ad401164ee4d3bd3613db187a07aeed512633f3a250dea82ea

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1128	2016	rundll32.exe	26
PID 2016 wrote to memory of 1128	2016	rundll32.exe	26
PID 2016 wrote to memory of 1128	2016	rundll32.exe	26
PID 2016 wrote to memory of 1128	2016	rundll32.exe	26
PID 2016 wrote to memory of 1128	2016	rundll32.exe	26
PID 2016 wrote to memory of 1128	2016	rundll32.exe	26
PID 2016 wrote to memory of 1128	2016	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf495c11b4449cc95045291dd10125cdcc73dec84ead0c66e0617f57b258a22b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf495c11b4449cc95045291dd10125cdcc73dec84ead0c66e0617f57b258a22b.dll,#1
  2⤵
  PID:1128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1128-55-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download