b244ae08885f90bd6ca249479f46bdcc6b4f0bb425d25f7430d011c81b7b3126 | Triage

Analysis

max time kernel
40s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 09:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b244ae08885f90bd6ca249479f46bdcc6b4f0bb425d25f7430d011c81b7b3126.dll
Size

3KB
MD5

8919431c5f0566dc0614371432140e90
SHA1

2271d1237b4f0a059f3979d5241ba8dbad6db33d
SHA256

b244ae08885f90bd6ca249479f46bdcc6b4f0bb425d25f7430d011c81b7b3126
SHA512

d64a993e1313c36580eab6697de1126415301f6369a7203a2b472cd58524fa56d1f8058acd236d19170da215c7d0de040ecfcaa8731b9f0ddf30bef99e3df1ef

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b244ae08885f90bd6ca249479f46bdcc6b4f0bb425d25f7430d011c81b7b3126.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b244ae08885f90bd6ca249479f46bdcc6b4f0bb425d25f7430d011c81b7b3126.dll,#1
  2⤵
  PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1360-55-0x00000000756A1000-0x00000000756A3000-memory.dmp

Filesize
8KB

Download