f0b956f6edbf22ce18591624606e29a404deff59bef526449bc3b5aace5c084e | Triage

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:48

Sharing

Report Analysis Logs

General

Target

f0b956f6edbf22ce18591624606e29a404deff59bef526449bc3b5aace5c084e.dll
Size

3KB
MD5

e9da88f09531c4c5441fb819f642ad90
SHA1

04d70cd59c9c435fe0b841b2210fecf6744226b6
SHA256

f0b956f6edbf22ce18591624606e29a404deff59bef526449bc3b5aace5c084e
SHA512

c671ab2a30904070914331f370c65e0a4d0206ea2ca80a8192abdaa3d120ee0f7234c7056750453ef21ed9378aad7fd6d5bc83c9af8d6abc54be7f6d759aa64a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0b956f6edbf22ce18591624606e29a404deff59bef526449bc3b5aace5c084e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0b956f6edbf22ce18591624606e29a404deff59bef526449bc3b5aace5c084e.dll,#1
  2⤵
  PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1252-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download