8f26bbdcbfd0e066766846615dc76608081129fbc1f45fca15550cff5f9eeed2 | Triage

Analysis

max time kernel
25s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 18:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8f26bbdcbfd0e066766846615dc76608081129fbc1f45fca15550cff5f9eeed2.dll
Size

3KB
MD5

ce660f5ad7cc0855fabf6bbce2221640
SHA1

5d17367f1b8df69468c7d73900cf820cd88410b0
SHA256

8f26bbdcbfd0e066766846615dc76608081129fbc1f45fca15550cff5f9eeed2
SHA512

af7b39fb2f8002c65ca8555931cf1166181f6e5e0205e7ba33540a6766acbbe3e5c31e047e8af3216afe6962c284fcdb94a1c20039569d78a77bf734bf36dd2c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1064	536	rundll32.exe	28
PID 536 wrote to memory of 1064	536	rundll32.exe	28
PID 536 wrote to memory of 1064	536	rundll32.exe	28
PID 536 wrote to memory of 1064	536	rundll32.exe	28
PID 536 wrote to memory of 1064	536	rundll32.exe	28
PID 536 wrote to memory of 1064	536	rundll32.exe	28
PID 536 wrote to memory of 1064	536	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f26bbdcbfd0e066766846615dc76608081129fbc1f45fca15550cff5f9eeed2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f26bbdcbfd0e066766846615dc76608081129fbc1f45fca15550cff5f9eeed2.dll,#1
  2⤵
  PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1064-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download