2b91fbadc0fa69b91f2476441630e44a607f9271f6c9f1faa6d667eca2a0129c | Triage

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 20:46

Sharing

Report Analysis Logs

General

Target

2b91fbadc0fa69b91f2476441630e44a607f9271f6c9f1faa6d667eca2a0129c.dll
Size

3KB
MD5

95212d639e6e4e81baca07fb52d29ae0
SHA1

4d8400896cd059ee8648d5c3b4ecbfdbf7cdf01a
SHA256

2b91fbadc0fa69b91f2476441630e44a607f9271f6c9f1faa6d667eca2a0129c
SHA512

dee1d409a2008258249af3fbb4fb7702ce9073db773af1337d05e9573d5a676ba39b523fd99181f234771063d5fe439f09391f30abf53ad36bf9c84c9ac5d55d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 912	1788	rundll32.exe	27
PID 1788 wrote to memory of 912	1788	rundll32.exe	27
PID 1788 wrote to memory of 912	1788	rundll32.exe	27
PID 1788 wrote to memory of 912	1788	rundll32.exe	27
PID 1788 wrote to memory of 912	1788	rundll32.exe	27
PID 1788 wrote to memory of 912	1788	rundll32.exe	27
PID 1788 wrote to memory of 912	1788	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b91fbadc0fa69b91f2476441630e44a607f9271f6c9f1faa6d667eca2a0129c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b91fbadc0fa69b91f2476441630e44a607f9271f6c9f1faa6d667eca2a0129c.dll,#1
  2⤵
  PID:912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/912-55-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download