2c360bdd5a3296b9627a3cf09cc45e4a2569372d7a456701c6ae9259308571d0 | Triage

Analysis

max time kernel
36s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 15:54

Sharing

Report Analysis Logs

General

Target

2c360bdd5a3296b9627a3cf09cc45e4a2569372d7a456701c6ae9259308571d0.dll
Size

3KB
MD5

6742f7930fc95bc1226afa43ea42c4dc
SHA1

ff894a55452690fd2ce33e988b62a976e1fd1e6c
SHA256

2c360bdd5a3296b9627a3cf09cc45e4a2569372d7a456701c6ae9259308571d0
SHA512

a97ff1b7afb763cca3bc6e37e7aa62a3daaac5202688da3d5a9fd314e9ae1e0b5323df2913a80c9eaeafe611cb997de2890f92ec0f1ea32870f23d2839bd9bd9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 952	1728	rundll32.exe	28
PID 1728 wrote to memory of 952	1728	rundll32.exe	28
PID 1728 wrote to memory of 952	1728	rundll32.exe	28
PID 1728 wrote to memory of 952	1728	rundll32.exe	28
PID 1728 wrote to memory of 952	1728	rundll32.exe	28
PID 1728 wrote to memory of 952	1728	rundll32.exe	28
PID 1728 wrote to memory of 952	1728	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c360bdd5a3296b9627a3cf09cc45e4a2569372d7a456701c6ae9259308571d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c360bdd5a3296b9627a3cf09cc45e4a2569372d7a456701c6ae9259308571d0.dll,#1
  2⤵
  PID:952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/952-55-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download