372cbcd52eeae5ece099eb0b3622bd96f797ed9733061b7cf0d07ed34444a73f | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 15:53

Sharing

Report Analysis Logs

General

Target

372cbcd52eeae5ece099eb0b3622bd96f797ed9733061b7cf0d07ed34444a73f.dll
Size

4KB
MD5

6d6c5311e9a68ba660488d336564e72b
SHA1

d3391845bcd07e8d83f95fb3a01b3e6efcc9c8d8
SHA256

372cbcd52eeae5ece099eb0b3622bd96f797ed9733061b7cf0d07ed34444a73f
SHA512

2b09e38f06e9a4191eb2b3dee563705c5aa8262d7053dcddbf6b97f41b3e6c7829d46865de5b55bee82edaf210f84ad057a001ac69371b3aff2eb99ad5c73067

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27
PID 1600 wrote to memory of 1812	1600	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\372cbcd52eeae5ece099eb0b3622bd96f797ed9733061b7cf0d07ed34444a73f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\372cbcd52eeae5ece099eb0b3622bd96f797ed9733061b7cf0d07ed34444a73f.dll,#1
  2⤵
  PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1812-54-0x0000000000000000-mapping.dmp

Download
memory/1812-55-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download