af6cb623c55c0caf18f0f01fcf8cf4254bfd65b6bc5fb3f9df28e5da4c85c5f9 | Triage

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 08:56

Sharing

Report Analysis Logs

General

Target

af6cb623c55c0caf18f0f01fcf8cf4254bfd65b6bc5fb3f9df28e5da4c85c5f9.dll
Size

4KB
MD5

429a885e656c60ac08d8312f30940370
SHA1

6991977a2f7c7ae146c17494bdcf7be54e76a832
SHA256

af6cb623c55c0caf18f0f01fcf8cf4254bfd65b6bc5fb3f9df28e5da4c85c5f9
SHA512

a07d7b4c98c8d7ecc61c91c59173bdad2de78954fd3b2182b16e869923f4d4775cd9b0724bde36b7b9e9d33f655a0b18b3440e0bf18dce8f41fbe7f6bacc4682

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 1612	1544	rundll32.exe	26
PID 1544 wrote to memory of 1612	1544	rundll32.exe	26
PID 1544 wrote to memory of 1612	1544	rundll32.exe	26
PID 1544 wrote to memory of 1612	1544	rundll32.exe	26
PID 1544 wrote to memory of 1612	1544	rundll32.exe	26
PID 1544 wrote to memory of 1612	1544	rundll32.exe	26
PID 1544 wrote to memory of 1612	1544	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af6cb623c55c0caf18f0f01fcf8cf4254bfd65b6bc5fb3f9df28e5da4c85c5f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af6cb623c55c0caf18f0f01fcf8cf4254bfd65b6bc5fb3f9df28e5da4c85c5f9.dll,#1
  2⤵
  PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1612-55-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download