32f53629190c294e5836478e5d98378c0569c2fea699294891617a3c91b0b5dd | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 05:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

32f53629190c294e5836478e5d98378c0569c2fea699294891617a3c91b0b5dd.dll
Size

3KB
MD5

0d9d16dbd1a49b884f262ef70483bd6e
SHA1

11cc8bb0aef2c21be9a58576b8f2e706fbac3464
SHA256

32f53629190c294e5836478e5d98378c0569c2fea699294891617a3c91b0b5dd
SHA512

0f40ef51bccb379d013991293662597d4ebb50d64f0589f0b1d5f5226ac03313cb8d95e18728281e060f27d2ad8388a10ac60e382f45430776a212c42f69195a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 536	1944	rundll32.exe	27
PID 1944 wrote to memory of 536	1944	rundll32.exe	27
PID 1944 wrote to memory of 536	1944	rundll32.exe	27
PID 1944 wrote to memory of 536	1944	rundll32.exe	27
PID 1944 wrote to memory of 536	1944	rundll32.exe	27
PID 1944 wrote to memory of 536	1944	rundll32.exe	27
PID 1944 wrote to memory of 536	1944	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\32f53629190c294e5836478e5d98378c0569c2fea699294891617a3c91b0b5dd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32f53629190c294e5836478e5d98378c0569c2fea699294891617a3c91b0b5dd.dll,#1
  2⤵
  PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/536-55-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download