af6a07dac0bb7b3418136e86750065052cd1cddf38d409e49bdd530f38d49449 | Triage

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

af6a07dac0bb7b3418136e86750065052cd1cddf38d409e49bdd530f38d49449.dll
Size

4KB
MD5

3167a103c4e04f058207d4fcacf3f220
SHA1

980b8d39278e6f51ba9c60d4eff11a8f77c58f63
SHA256

af6a07dac0bb7b3418136e86750065052cd1cddf38d409e49bdd530f38d49449
SHA512

cd58b7bb88ff76ddc80c43d19a5d1773a0807369043ac82a7781c071d797bb56b95cbc85e569f336ac3c61d20d823585a59de3b757ce77719fd254cd0adadeae

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27
PID 1720 wrote to memory of 1300	1720	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af6a07dac0bb7b3418136e86750065052cd1cddf38d409e49bdd530f38d49449.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af6a07dac0bb7b3418136e86750065052cd1cddf38d409e49bdd530f38d49449.dll,#1
  2⤵
  PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1300-55-0x00000000765B1000-0x00000000765B3000-memory.dmp

Filesize
8KB

Download