f2aa7eef220ca9eeb88e1d72f852fe2673b59da7f7f6d452d3499c2a960039e0 | Triage

Analysis

max time kernel
14s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:48

Sharing

Report Analysis Logs

General

Target

f2aa7eef220ca9eeb88e1d72f852fe2673b59da7f7f6d452d3499c2a960039e0.dll
Size

3KB
MD5

b735f43a44b67067ced4174fbe407400
SHA1

582c260192e3bdd68587bb72aadf5b22ead0da3b
SHA256

f2aa7eef220ca9eeb88e1d72f852fe2673b59da7f7f6d452d3499c2a960039e0
SHA512

9412b8c42516786f36b0a30267dee3d8133f1666f55d21166f8e5b68e8b65be6a241a3899942ee143edd62edc30fc428ee801e7ae5cbe423498d1a5b37bfc6f6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 1520	1668	rundll32.exe	28
PID 1668 wrote to memory of 1520	1668	rundll32.exe	28
PID 1668 wrote to memory of 1520	1668	rundll32.exe	28
PID 1668 wrote to memory of 1520	1668	rundll32.exe	28
PID 1668 wrote to memory of 1520	1668	rundll32.exe	28
PID 1668 wrote to memory of 1520	1668	rundll32.exe	28
PID 1668 wrote to memory of 1520	1668	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2aa7eef220ca9eeb88e1d72f852fe2673b59da7f7f6d452d3499c2a960039e0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2aa7eef220ca9eeb88e1d72f852fe2673b59da7f7f6d452d3499c2a960039e0.dll,#1
  2⤵
  PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-55-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download