aa9f59ef43b6394cacc2d02f15027de0c84e6131f4e3dad60201420df0ca21e4 | Triage

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 20:37

Sharing

Report Analysis Logs

General

Target

aa9f59ef43b6394cacc2d02f15027de0c84e6131f4e3dad60201420df0ca21e4.dll
Size

3KB
MD5

ba85287af21bbfb923ad4ca09871aad5
SHA1

168ed144ec0a40d703d5d890c73eacbe415fc8a5
SHA256

aa9f59ef43b6394cacc2d02f15027de0c84e6131f4e3dad60201420df0ca21e4
SHA512

71388bf746029c7b76899cbe01d15042ee2f5d46ef5129d19462bb8387359e61a69ba8ffdd6d9395d400f2ac10c28c3776b2dbd2765a674307c2193632dce5f3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27
PID 1184 wrote to memory of 2044	1184	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa9f59ef43b6394cacc2d02f15027de0c84e6131f4e3dad60201420df0ca21e4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa9f59ef43b6394cacc2d02f15027de0c84e6131f4e3dad60201420df0ca21e4.dll,#1
  2⤵
  PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-54-0x0000000000000000-mapping.dmp

Download
memory/2044-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download