45429ff98ecb1b7419db2c948cc0ca22fd50976798fa1c5e4b666ebddf1ee1ba | Triage

Analysis

max time kernel
9s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 05:13

Sharing

Report Analysis Logs

General

Target

45429ff98ecb1b7419db2c948cc0ca22fd50976798fa1c5e4b666ebddf1ee1ba.dll
Size

3KB
MD5

3e8f2452d29f802f7f1ee4a4e72dc3c5
SHA1

0c5743867578cda4c1dfb7cb31235615ed33c3df
SHA256

45429ff98ecb1b7419db2c948cc0ca22fd50976798fa1c5e4b666ebddf1ee1ba
SHA512

f863b66ea8022777a7f7684d97abae7b1880cb3375fbe5e98187fe4d3390ed448a4c3997faa3fcb74437f6008b198fe2f6db29d0ff2c2a986377dcebf0510e9f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 1656	688	rundll32.exe	28
PID 688 wrote to memory of 1656	688	rundll32.exe	28
PID 688 wrote to memory of 1656	688	rundll32.exe	28
PID 688 wrote to memory of 1656	688	rundll32.exe	28
PID 688 wrote to memory of 1656	688	rundll32.exe	28
PID 688 wrote to memory of 1656	688	rundll32.exe	28
PID 688 wrote to memory of 1656	688	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45429ff98ecb1b7419db2c948cc0ca22fd50976798fa1c5e4b666ebddf1ee1ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45429ff98ecb1b7419db2c948cc0ca22fd50976798fa1c5e4b666ebddf1ee1ba.dll,#1
  2⤵
  PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-55-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download