a61a58d134cb259ab84a607443ec7698e89bfe06658a503c0d09036e2ece7fd3 | Triage

Analysis

max time kernel
11s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 18:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a61a58d134cb259ab84a607443ec7698e89bfe06658a503c0d09036e2ece7fd3.dll
Size

3KB
MD5

180efd6dd1dff9f2f0f313229b55bfb0
SHA1

8e923a7577892e48e0d4975050c9a6f421462def
SHA256

a61a58d134cb259ab84a607443ec7698e89bfe06658a503c0d09036e2ece7fd3
SHA512

9b20b0e309e500071c3c84e7d2d2412fedcd1c3213a266ae3f52d1068669791d0d654039eee0f2e157aa9bd03279d72f907bf6703dcc2171432cfc6457c2925a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 1308	840	rundll32.exe	28
PID 840 wrote to memory of 1308	840	rundll32.exe	28
PID 840 wrote to memory of 1308	840	rundll32.exe	28
PID 840 wrote to memory of 1308	840	rundll32.exe	28
PID 840 wrote to memory of 1308	840	rundll32.exe	28
PID 840 wrote to memory of 1308	840	rundll32.exe	28
PID 840 wrote to memory of 1308	840	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a61a58d134cb259ab84a607443ec7698e89bfe06658a503c0d09036e2ece7fd3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a61a58d134cb259ab84a607443ec7698e89bfe06658a503c0d09036e2ece7fd3.dll,#1
  2⤵
  PID:1308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1308-55-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download