7544302d816a8304efc64596c27b1f589038fb76c4a0e07182ca18374f8e2691 | Triage

Analysis

max time kernel
38s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 21:43

Sharing

Report Analysis Logs

General

Target

7544302d816a8304efc64596c27b1f589038fb76c4a0e07182ca18374f8e2691.dll
Size

3KB
MD5

63436cf37b4f1f368f8d450c6aaa0b5e
SHA1

249a870c93e43ea6ce27b4c766cc7b2d1a3137e3
SHA256

7544302d816a8304efc64596c27b1f589038fb76c4a0e07182ca18374f8e2691
SHA512

6ad5aadd23852ac0e7cf32f294b25d4d65707d9689597830964a061ef87503c402a6abe321bc94f9e7242f99e0cd2db70fff992187a5cd2cd06edde5f1ad92f2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7544302d816a8304efc64596c27b1f589038fb76c4a0e07182ca18374f8e2691.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7544302d816a8304efc64596c27b1f589038fb76c4a0e07182ca18374f8e2691.dll,#1
  2⤵
  PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1548-54-0x0000000000000000-mapping.dmp

Download
memory/1548-55-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download