2c843aae4ac8d85518cc39b457df5af2b8ec766ed23b86ec89e385d2c9cd0b1f | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 21:44

Sharing

Report Analysis Logs

General

Target

2c843aae4ac8d85518cc39b457df5af2b8ec766ed23b86ec89e385d2c9cd0b1f.dll
Size

3KB
MD5

3bbcbbabf7edf309d8436fe882f0d9ee
SHA1

c0ed3f67f1c7820b49d82552fab1ffd55d4140c7
SHA256

2c843aae4ac8d85518cc39b457df5af2b8ec766ed23b86ec89e385d2c9cd0b1f
SHA512

cee0f45962798374165e65321c9a634866a9e8c65d6bdacd57a32c4492e0bcff7c61ccacb2d102cc66de19c8b7d445fa4716ca0a8fe734a9e7a832f9de16032e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27
PID 1468 wrote to memory of 1496	1468	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c843aae4ac8d85518cc39b457df5af2b8ec766ed23b86ec89e385d2c9cd0b1f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c843aae4ac8d85518cc39b457df5af2b8ec766ed23b86ec89e385d2c9cd0b1f.dll,#1
  2⤵
  PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1496-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download