898ca5e1ecb6e0b39bd8d9995fc5a7fdd82600050b1520c6663a59304040bcde | Triage

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 20:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

898ca5e1ecb6e0b39bd8d9995fc5a7fdd82600050b1520c6663a59304040bcde.dll
Size

3KB
MD5

2bb319bfd2aad6fadc1562f90246fe34
SHA1

3dcbb6d692b5425a3452b3368edd209c5850e9f4
SHA256

898ca5e1ecb6e0b39bd8d9995fc5a7fdd82600050b1520c6663a59304040bcde
SHA512

b2e365bfaede365780b91d70067f953283db9dcaf99eeb4694cfe2e1fe379c461e7b29dd365220c4b3342219f8e2e8ce2ae571a8482eac9d52985b96ae9ce260

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\898ca5e1ecb6e0b39bd8d9995fc5a7fdd82600050b1520c6663a59304040bcde.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\898ca5e1ecb6e0b39bd8d9995fc5a7fdd82600050b1520c6663a59304040bcde.dll,#1
  2⤵
  PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download