980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8 | Triage

Analysis

max time kernel
10s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 18:19

Sharing

Report Analysis Logs

General

Target

980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8.dll
Size

3KB
MD5

2e6beea0a908cbbb496fc7c083358770
SHA1

e6dab4d7a3fb8e32e95a286bd58cedf8389c4ef7
SHA256

980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8
SHA512

bef2337cd1d7030bb4081160325065ff11bebe5e6186537089721d35acdc0a2645259dcb37b3a8d7afafca4f98ebff36215fd9219cf333b62611426b598973d2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8.dll,#1
  2⤵
  PID:1400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1400-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download