8847abf7022a08377a73c11aabf3b7c80fd5e12d1c41d1358811116d4bae767f | Triage

Analysis

max time kernel
150s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/01/2023, 18:27

Sharing

Report Analysis Logs

General

Target

11.dll
Size

5KB
MD5

db00c1b9f5f149bd41f2cfd3427ca3d5
SHA1

f7030cf0718aadb42f87298d8900ffed862f502e
SHA256

8847abf7022a08377a73c11aabf3b7c80fd5e12d1c41d1358811116d4bae767f
SHA512

8532a22bb9bad37fb7abafdc7dcc59ca5ee40ccfa76fc5722becad2aa6a0249aeba120e48ab73b08fe5bdfc0d1058b3acfde5cd750f35919662979f6faa5a1c6
SSDEEP

48:CVVrkEtP9TxNpmmbnQYFJNaT82a/phoHIryWiCys7PvO32nClb:UZ9TxzmmTfkT88OysDSb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 1768	1216	rundll32.exe	28
PID 1216 wrote to memory of 1768	1216	rundll32.exe	28
PID 1216 wrote to memory of 1768	1216	rundll32.exe	28
PID 1216 wrote to memory of 2044	1216	rundll32.exe	30
PID 1216 wrote to memory of 2044	1216	rundll32.exe	30
PID 1216 wrote to memory of 2044	1216	rundll32.exe	30
PID 1216 wrote to memory of 532	1216	rundll32.exe	29
PID 1216 wrote to memory of 532	1216	rundll32.exe	29
PID 1216 wrote to memory of 532	1216	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\11.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\System32\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  PID:1768
- C:\Windows\System32\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  PID:532
- C:\Windows\System32\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1768-55-0x000007FEFBF31000-0x000007FEFBF33000-memory.dmp

Filesize
8KB

Download