c9f0edbf0c8aaf965208fa5b2ee1b0825b1830f69c12828bf10b6160213fbdc6 | Triage

Analysis

max time kernel
14s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:15

Sharing

Report Analysis Logs

General

Target

c9f0edbf0c8aaf965208fa5b2ee1b0825b1830f69c12828bf10b6160213fbdc6.dll
Size

4KB
MD5

5c90fb70f135851ce721fb54363ec2f0
SHA1

620c3940d18231c2612b7d382e09af4cef06b6e0
SHA256

c9f0edbf0c8aaf965208fa5b2ee1b0825b1830f69c12828bf10b6160213fbdc6
SHA512

6ffa24dcc1a603b1a0bb27f0b6ce47fa921c52ab7dfd89d7f1ff91c618e201296e736a2766d42ae5ac43894e4977bf9aa0d810ae38edee1d5a37fed29879034a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9f0edbf0c8aaf965208fa5b2ee1b0825b1830f69c12828bf10b6160213fbdc6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9f0edbf0c8aaf965208fa5b2ee1b0825b1830f69c12828bf10b6160213fbdc6.dll,#1
  2⤵
  PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-55-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download