7c3226e1779ec9002a8eede88e1fa7bdfa34cbe150764acbadc3364274bfa6d5 | Triage

Analysis

max time kernel
45s
max time network
142s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 21:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7c3226e1779ec9002a8eede88e1fa7bdfa34cbe150764acbadc3364274bfa6d5.dll
Size

3KB
MD5

4450465f13aac2735b93e3e1a47a64d0
SHA1

bfd2c4fc4126e258da34271345b8cdcb4d357d06
SHA256

7c3226e1779ec9002a8eede88e1fa7bdfa34cbe150764acbadc3364274bfa6d5
SHA512

aa1766a757ab47f3da1c385e47f7c5ea53cf85bb48c1bc3bcfc24fce0a2fa549f7f2478fa29c0cd97dabc1d11546792f617ec2285fce0d3d53a39d149de35fad

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27
PID 1292 wrote to memory of 1160	1292	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c3226e1779ec9002a8eede88e1fa7bdfa34cbe150764acbadc3364274bfa6d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c3226e1779ec9002a8eede88e1fa7bdfa34cbe150764acbadc3364274bfa6d5.dll,#1
  2⤵
  PID:1160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1160-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download