ed0eec7fe2565a0f38019172722d04b200a036a96ca6e92bfa5e4bf74bdb5a2b | Triage

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 08:53

Sharing

Report Analysis Logs

General

Target

ed0eec7fe2565a0f38019172722d04b200a036a96ca6e92bfa5e4bf74bdb5a2b.dll
Size

53KB
MD5

b0fecfeb86217600bc3308aae08a2b82
SHA1

d40b663632d57b9c5449d3a080ba3895b0a138d6
SHA256

ed0eec7fe2565a0f38019172722d04b200a036a96ca6e92bfa5e4bf74bdb5a2b
SHA512

2ced7bc4a542644e6341a80e66060fb118a7275352e2e60a00e4276bba5886dcf1a6f815bf1e27f58090dfe80251cd8ab08336699a4efa86fd191b7bcee3a553

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1580	956	rundll32.exe	27
PID 956 wrote to memory of 1580	956	rundll32.exe	27
PID 956 wrote to memory of 1580	956	rundll32.exe	27
PID 956 wrote to memory of 1580	956	rundll32.exe	27
PID 956 wrote to memory of 1580	956	rundll32.exe	27
PID 956 wrote to memory of 1580	956	rundll32.exe	27
PID 956 wrote to memory of 1580	956	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed0eec7fe2565a0f38019172722d04b200a036a96ca6e92bfa5e4bf74bdb5a2b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed0eec7fe2565a0f38019172722d04b200a036a96ca6e92bfa5e4bf74bdb5a2b.dll,#1
  2⤵
  PID:1580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1580-55-0x00000000763B1000-0x00000000763B3000-memory.dmp

Filesize
8KB

Download