14207d44797bfbbffb6dda70a1ca0ac7be5e2ffe88a5f9e15017bf18605b58cd | Triage

Analysis

max time kernel
28s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 11:25

Sharing

Report Analysis Logs

General

Target

14207d44797bfbbffb6dda70a1ca0ac7be5e2ffe88a5f9e15017bf18605b58cd.dll
Size

3KB
MD5

6f2c4f9d65fa486043d99bbd9c92c850
SHA1

3e50927cf48d317a4e0651dad98747207c678e44
SHA256

14207d44797bfbbffb6dda70a1ca0ac7be5e2ffe88a5f9e15017bf18605b58cd
SHA512

a371e21321ec53b46cc0668b51884aef4bbb32ece04e39e79b1a38bf30adce2b2f35fbbfb431609bf16a5ad19b3ff039ef499427b3ff51754d82e6715ede568f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 684	1668	rundll32.exe	28
PID 1668 wrote to memory of 684	1668	rundll32.exe	28
PID 1668 wrote to memory of 684	1668	rundll32.exe	28
PID 1668 wrote to memory of 684	1668	rundll32.exe	28
PID 1668 wrote to memory of 684	1668	rundll32.exe	28
PID 1668 wrote to memory of 684	1668	rundll32.exe	28
PID 1668 wrote to memory of 684	1668	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14207d44797bfbbffb6dda70a1ca0ac7be5e2ffe88a5f9e15017bf18605b58cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14207d44797bfbbffb6dda70a1ca0ac7be5e2ffe88a5f9e15017bf18605b58cd.dll,#1
  2⤵
  PID:684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/684-55-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download