5aa2f92dc3e8fe78fd5fe1fc683fbbfc8010f4588395750bdac9e56e9668ad7a | Triage

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:29

Sharing

Report Analysis Logs

General

Target

5aa2f92dc3e8fe78fd5fe1fc683fbbfc8010f4588395750bdac9e56e9668ad7a.dll
Size

4KB
MD5

189cc1c1d514de05d65eccde9f87e780
SHA1

3049a86d8c93f7865625f6f0b7c06c1b83b03aba
SHA256

5aa2f92dc3e8fe78fd5fe1fc683fbbfc8010f4588395750bdac9e56e9668ad7a
SHA512

6d5e8816c05e8e3bf21c63dd998e4d548bcb94ae6f9769df24746624a9848b58a017826dbb4b884b99945d9a40cecf48a773072eea1fbca8a12d5167606b4348

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aa2f92dc3e8fe78fd5fe1fc683fbbfc8010f4588395750bdac9e56e9668ad7a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aa2f92dc3e8fe78fd5fe1fc683fbbfc8010f4588395750bdac9e56e9668ad7a.dll,#1
  2⤵
  PID:552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/552-55-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download