653b1c0c765c20f63d2111a256d5c530770b07b50519094c5df5a92a81752c0e | Triage

Analysis

max time kernel
32s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 19:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

653b1c0c765c20f63d2111a256d5c530770b07b50519094c5df5a92a81752c0e.dll
Size

3KB
MD5

40f84f7dcdbea97e5f376b6940cc6d8b
SHA1

fd8f04c024e6e8bb7304c2505a5eb01cb7ce49ef
SHA256

653b1c0c765c20f63d2111a256d5c530770b07b50519094c5df5a92a81752c0e
SHA512

3a86767bed18055d63e42d96021c057ab5988da33f62f51f5499d461ac0457f6f918aa50e69d0b309b25c5de0eaf60b68e131c86b732a7b9bf66a48451ebbd3c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\653b1c0c765c20f63d2111a256d5c530770b07b50519094c5df5a92a81752c0e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\653b1c0c765c20f63d2111a256d5c530770b07b50519094c5df5a92a81752c0e.dll,#1
  2⤵
  PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/936-55-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download