f900ed44fbfd5ab810a07a56cee981d61fd7cf221ae189925b750743a84c4181 | Triage

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 00:10

Sharing

Report Analysis Logs

General

Target

f900ed44fbfd5ab810a07a56cee981d61fd7cf221ae189925b750743a84c4181.dll
Size

4KB
MD5

22ec8e5321953b1a8eb58d5cd746dc80
SHA1

a79d3b3e3412118302608f1f1092a5edb66a7c06
SHA256

f900ed44fbfd5ab810a07a56cee981d61fd7cf221ae189925b750743a84c4181
SHA512

4360a0bfc562c7516241cb7d1b51f36c6d1a3a0da82b6e65139199c7be1d689eef1df1813b00ca2b3bdcf0e7069dbf700dbabc0a8299dbf24bd6b63b854ff4e1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26
PID 1160 wrote to memory of 1892	1160	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f900ed44fbfd5ab810a07a56cee981d61fd7cf221ae189925b750743a84c4181.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f900ed44fbfd5ab810a07a56cee981d61fd7cf221ae189925b750743a84c4181.dll,#1
  2⤵
  PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1892-55-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download