d2116832f37aa682345b4a41bfae8e070dacec3926c340571b608dd6e656521b | Triage

Analysis

max time kernel
243s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:02

Sharing

Report Analysis Logs

General

Target

d2116832f37aa682345b4a41bfae8e070dacec3926c340571b608dd6e656521b.dll
Size

3KB
MD5

6fbbbe84c3c6b9630574e0c4e39fc830
SHA1

4e4ff1e311bffbcc3f5c54e174c9226092c725ea
SHA256

d2116832f37aa682345b4a41bfae8e070dacec3926c340571b608dd6e656521b
SHA512

8d4da495a0c80fe9e864714966b604afc6d5b3ed825242956220f49363c931c4acdadc52f7c2f423ac93d62b35a7c821c5486c5de74d85c12b1fa8e87e74a7fa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1868	1192	rundll32.exe	27
PID 1192 wrote to memory of 1868	1192	rundll32.exe	27
PID 1192 wrote to memory of 1868	1192	rundll32.exe	27
PID 1192 wrote to memory of 1868	1192	rundll32.exe	27
PID 1192 wrote to memory of 1868	1192	rundll32.exe	27
PID 1192 wrote to memory of 1868	1192	rundll32.exe	27
PID 1192 wrote to memory of 1868	1192	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2116832f37aa682345b4a41bfae8e070dacec3926c340571b608dd6e656521b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2116832f37aa682345b4a41bfae8e070dacec3926c340571b608dd6e656521b.dll,#1
  2⤵
  PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1868-55-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download