870e553e3812186bb771a4c9189e45ea2bae93ac2ccfe6adfe1b7bab0863a9c0 | Triage

Analysis

max time kernel
41s
max time network
168s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 09:19

Sharing

Report Analysis Logs

General

Target

870e553e3812186bb771a4c9189e45ea2bae93ac2ccfe6adfe1b7bab0863a9c0.dll
Size

3KB
MD5

7fd8369dcf6db929c066075136c9fca0
SHA1

52a30909ff8c9aa3718e97e190ab9ae192f90e95
SHA256

870e553e3812186bb771a4c9189e45ea2bae93ac2ccfe6adfe1b7bab0863a9c0
SHA512

326208a00130731523ca13d6fc21c5ce22544a1f43d52d0452377a45e61fca7df347a5e8e880aff2dccf1010e5270ab687e5d6a4b913d859438e0ff1f6201c19

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 1160	684	rundll32.exe	28
PID 684 wrote to memory of 1160	684	rundll32.exe	28
PID 684 wrote to memory of 1160	684	rundll32.exe	28
PID 684 wrote to memory of 1160	684	rundll32.exe	28
PID 684 wrote to memory of 1160	684	rundll32.exe	28
PID 684 wrote to memory of 1160	684	rundll32.exe	28
PID 684 wrote to memory of 1160	684	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\870e553e3812186bb771a4c9189e45ea2bae93ac2ccfe6adfe1b7bab0863a9c0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\870e553e3812186bb771a4c9189e45ea2bae93ac2ccfe6adfe1b7bab0863a9c0.dll,#1
  2⤵
  PID:1160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1160-55-0x00000000761E1000-0x00000000761E3000-memory.dmp

Filesize
8KB

Download