afa4b3fb49ecf28310bbfb2e524921a79e957daa353a8e3acd318625ed577e4c | Triage

Analysis

max time kernel
41s
max time network
48s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 20:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

afa4b3fb49ecf28310bbfb2e524921a79e957daa353a8e3acd318625ed577e4c.dll
Size

3KB
MD5

54fb27d25c937e2ac214e87763a80680
SHA1

ea493cb7e4d111af64df7cbf4f2dbb2149d69478
SHA256

afa4b3fb49ecf28310bbfb2e524921a79e957daa353a8e3acd318625ed577e4c
SHA512

813ef631f6294e46e8cabd88e0e44e135b19682aeb7950c71ad09dde44fe92e81294277b91f64e78320cf0b6d4e0f83aaea11b1a73d8bbc45843bfc5f75b64c9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1068	2020	rundll32.exe	28
PID 2020 wrote to memory of 1068	2020	rundll32.exe	28
PID 2020 wrote to memory of 1068	2020	rundll32.exe	28
PID 2020 wrote to memory of 1068	2020	rundll32.exe	28
PID 2020 wrote to memory of 1068	2020	rundll32.exe	28
PID 2020 wrote to memory of 1068	2020	rundll32.exe	28
PID 2020 wrote to memory of 1068	2020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\afa4b3fb49ecf28310bbfb2e524921a79e957daa353a8e3acd318625ed577e4c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afa4b3fb49ecf28310bbfb2e524921a79e957daa353a8e3acd318625ed577e4c.dll,#1
  2⤵
  PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1068-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download