22e70776a9a2c71ba7b2aca0c75b129f69c58c988f4c6bfc2e5ec86cd064281c | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 01:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4a275b17b7e9be6402d3ca1d8ce987ce.dll
Size

3KB
MD5

4a275b17b7e9be6402d3ca1d8ce987ce
SHA1

554c5a5ab1add521a63e482f8bdf13d7e302f789
SHA256

22e70776a9a2c71ba7b2aca0c75b129f69c58c988f4c6bfc2e5ec86cd064281c
SHA512

50648941c3ffcdb1f05cd8e17f883f54b80473ef3edf64c3c6fb45c54c419dedd749d3a4f437002983f377aceef81aa10943ac6f80379a9dc5bb8eae85e8e8f0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2680	2844	rundll32.exe	28
PID 2844 wrote to memory of 2680	2844	rundll32.exe	28
PID 2844 wrote to memory of 2680	2844	rundll32.exe	28
PID 2844 wrote to memory of 2680	2844	rundll32.exe	28
PID 2844 wrote to memory of 2680	2844	rundll32.exe	28
PID 2844 wrote to memory of 2680	2844	rundll32.exe	28
PID 2844 wrote to memory of 2680	2844	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a275b17b7e9be6402d3ca1d8ce987ce.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a275b17b7e9be6402d3ca1d8ce987ce.dll,#1
  2⤵
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads