f3f84befd4e05641e03fb638f90b45be2b419a90c06a3bd017365800248da81f | Triage

Analysis

max time kernel
33s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 00:54

Sharing

Report Analysis Logs

General

Target

f3f84befd4e05641e03fb638f90b45be2b419a90c06a3bd017365800248da81f.dll
Size

4KB
MD5

2d35e6ab4a39b9af4bdf07d93760bc60
SHA1

0d8980dd779400a72e582393743ff0442906290a
SHA256

f3f84befd4e05641e03fb638f90b45be2b419a90c06a3bd017365800248da81f
SHA512

dd731c9c3689a0ab64cff7851196f2f7cbd5e503e660c102bcb3340e4fcf19d67a3b92a74440d281d1a39e32ebaea05b5fd1203f192eac87101c32a49fac15ab

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 1092	1644	rundll32.exe	27
PID 1644 wrote to memory of 1092	1644	rundll32.exe	27
PID 1644 wrote to memory of 1092	1644	rundll32.exe	27
PID 1644 wrote to memory of 1092	1644	rundll32.exe	27
PID 1644 wrote to memory of 1092	1644	rundll32.exe	27
PID 1644 wrote to memory of 1092	1644	rundll32.exe	27
PID 1644 wrote to memory of 1092	1644	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3f84befd4e05641e03fb638f90b45be2b419a90c06a3bd017365800248da81f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3f84befd4e05641e03fb638f90b45be2b419a90c06a3bd017365800248da81f.dll,#1
  2⤵
  PID:1092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1092-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download