91c17a0ba74654bed8a6ab027456fc83f8bc84f8284c3504e4e12f99569f8c83 | Triage

Analysis

max time kernel
41s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 09:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

91c17a0ba74654bed8a6ab027456fc83f8bc84f8284c3504e4e12f99569f8c83.dll
Size

3KB
MD5

bdf777aa938c379e7a235c26c8182ba0
SHA1

ccaad2a05829dfa94ec47891ef0b04a6d336d468
SHA256

91c17a0ba74654bed8a6ab027456fc83f8bc84f8284c3504e4e12f99569f8c83
SHA512

0c0ab6b2713e11fc3389061c7adf944f0fc0b8396048aed055adc293dc366778d47af73a39af2a9e04db21eb9a0de72b56be10acaa8b48d67e47dccb24df99f4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1648	1632	rundll32.exe	28
PID 1632 wrote to memory of 1648	1632	rundll32.exe	28
PID 1632 wrote to memory of 1648	1632	rundll32.exe	28
PID 1632 wrote to memory of 1648	1632	rundll32.exe	28
PID 1632 wrote to memory of 1648	1632	rundll32.exe	28
PID 1632 wrote to memory of 1648	1632	rundll32.exe	28
PID 1632 wrote to memory of 1648	1632	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\91c17a0ba74654bed8a6ab027456fc83f8bc84f8284c3504e4e12f99569f8c83.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\91c17a0ba74654bed8a6ab027456fc83f8bc84f8284c3504e4e12f99569f8c83.dll,#1
  2⤵
  PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1648-55-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download