33571ada69b1c7b27069a55684935b347f9482f853ecbd7d3a184c6a821e7842 | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 19:37

Sharing

Report Analysis Logs

General

Target

33571ada69b1c7b27069a55684935b347f9482f853ecbd7d3a184c6a821e7842.dll
Size

3KB
MD5

74077db156dceb97d53cc27f31506e7d
SHA1

d45b3b98ed2ecf0b543256bbd087dd50b042bec1
SHA256

33571ada69b1c7b27069a55684935b347f9482f853ecbd7d3a184c6a821e7842
SHA512

2bbb46e99eecf72397e262f0596c83c79d74176321a8c391436ef808a0bb5a60105b64ef74c57941c1e43007983f95cf22725b6025563da032a788b02fec8f4a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33571ada69b1c7b27069a55684935b347f9482f853ecbd7d3a184c6a821e7842.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33571ada69b1c7b27069a55684935b347f9482f853ecbd7d3a184c6a821e7842.dll,#1
  2⤵
  PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download