859e96922b5789184b7315f3364ea39315a2b1b84570d67a22b05f98cd3da2c9 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:32

Sharing

Report Analysis Logs

General

Target

859e96922b5789184b7315f3364ea39315a2b1b84570d67a22b05f98cd3da2c9.dll
Size

4KB
MD5

4001fd93bab49e2b4a4c0d56a6c5d8c0
SHA1

53bdb807d9f573ae72f4716171b45cb37bcb12f5
SHA256

859e96922b5789184b7315f3364ea39315a2b1b84570d67a22b05f98cd3da2c9
SHA512

ac5738cd03e77902722cfd7ce9b9007ab0f08a216d948d0ec944d1a820ff085c2d51bbbf42323818dea444f73b031e29f24cc38f3d731f59f6390306437d3c36

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27
PID 1684 wrote to memory of 368	1684	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\859e96922b5789184b7315f3364ea39315a2b1b84570d67a22b05f98cd3da2c9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\859e96922b5789184b7315f3364ea39315a2b1b84570d67a22b05f98cd3da2c9.dll,#1
  2⤵
  PID:368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/368-55-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download