bdba9fc33cf7979b6316831e08d4119d4ae6f0fa2b2cb9bfa32433e0186501f9 | Triage

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:40

Sharing

Report Analysis Logs

General

Target

bdba9fc33cf7979b6316831e08d4119d4ae6f0fa2b2cb9bfa32433e0186501f9.dll
Size

3KB
MD5

39a443e45b888972c9e20a9d3bf8b040
SHA1

6c07fd08388de099b279300b534d9c06466f3ade
SHA256

bdba9fc33cf7979b6316831e08d4119d4ae6f0fa2b2cb9bfa32433e0186501f9
SHA512

12c4685faf781ed27f8d8f1b3ea236faf3c0ef998910f7fe561f375501eb389dfa6ac5c81e9232cf9dd9077cd49629ecd89c5d8bc67b3e0d4a7a6afe2d44221e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 884	1636	rundll32.exe	27
PID 1636 wrote to memory of 884	1636	rundll32.exe	27
PID 1636 wrote to memory of 884	1636	rundll32.exe	27
PID 1636 wrote to memory of 884	1636	rundll32.exe	27
PID 1636 wrote to memory of 884	1636	rundll32.exe	27
PID 1636 wrote to memory of 884	1636	rundll32.exe	27
PID 1636 wrote to memory of 884	1636	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdba9fc33cf7979b6316831e08d4119d4ae6f0fa2b2cb9bfa32433e0186501f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdba9fc33cf7979b6316831e08d4119d4ae6f0fa2b2cb9bfa32433e0186501f9.dll,#1
  2⤵
  PID:884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/884-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download