fc4fab1cdb9ba3ffe6bd2138655baeb860768968ecffd21ca822f524d898f746 | Triage

Analysis

max time kernel
28s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:36

Sharing

Report Analysis Logs

General

Target

fc4fab1cdb9ba3ffe6bd2138655baeb860768968ecffd21ca822f524d898f746.dll
Size

3KB
MD5

036c922e5ff3e757e20da036b28057d0
SHA1

2242b830a11db23d63fc2328943e751c8681c160
SHA256

fc4fab1cdb9ba3ffe6bd2138655baeb860768968ecffd21ca822f524d898f746
SHA512

c4a5694636329a0779ec5ecae4cdbeaee71998a9e7f9fe8495e60d02c1c4ef4e0574c2ee9f798af6b9406fd82aeaaaccf620d2d896017e5b34a21e3881b4a820

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 608	1648	rundll32.exe	28
PID 1648 wrote to memory of 608	1648	rundll32.exe	28
PID 1648 wrote to memory of 608	1648	rundll32.exe	28
PID 1648 wrote to memory of 608	1648	rundll32.exe	28
PID 1648 wrote to memory of 608	1648	rundll32.exe	28
PID 1648 wrote to memory of 608	1648	rundll32.exe	28
PID 1648 wrote to memory of 608	1648	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc4fab1cdb9ba3ffe6bd2138655baeb860768968ecffd21ca822f524d898f746.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc4fab1cdb9ba3ffe6bd2138655baeb860768968ecffd21ca822f524d898f746.dll,#1
  2⤵
  PID:608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/608-55-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download