8c68ef9c7b7420c2bbf4b031c2bc36e8cf2ddd9c92deba9054af4df5fc5d5ba6 | Triage

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:21

Sharing

Report Analysis Logs

General

Target

8c68ef9c7b7420c2bbf4b031c2bc36e8cf2ddd9c92deba9054af4df5fc5d5ba6.dll
Size

4KB
MD5

26bbb1ab25a829bd7c007690d5984e30
SHA1

82d64d3d0406320bf138c74ca9e35504fed07ec1
SHA256

8c68ef9c7b7420c2bbf4b031c2bc36e8cf2ddd9c92deba9054af4df5fc5d5ba6
SHA512

f3f8bcf646353439ab87fd0d209cd181e9b76b81a71d77360f478ef715fc2840f59a6ae89321ac5f82da3d175daac9aed68d87e82a4f11e04ea4c9adb8a1ccc2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c68ef9c7b7420c2bbf4b031c2bc36e8cf2ddd9c92deba9054af4df5fc5d5ba6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c68ef9c7b7420c2bbf4b031c2bc36e8cf2ddd9c92deba9054af4df5fc5d5ba6.dll,#1
  2⤵
  PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1112-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download