ec186e26a56135fe6bce054b67cc4f2b0e2c09688d508ded16df136ac4cc5513 | Triage

Analysis

max time kernel
32s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 06:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ec186e26a56135fe6bce054b67cc4f2b0e2c09688d508ded16df136ac4cc5513.dll
Size

3KB
MD5

4a1e9b56445e015b66061e3c89222467
SHA1

4d97a00170d1e34447a621440f3cdff0767d2c07
SHA256

ec186e26a56135fe6bce054b67cc4f2b0e2c09688d508ded16df136ac4cc5513
SHA512

90684a512967677c4a6eec7fc589e12a48ce9823947766bfddb4a5e12502df1e06eca132606fb2be7cd7ce0f08df5fe5fe45b1d5e885abcf1c66e4db7a409a7c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 1712	1452	rundll32.exe	28
PID 1452 wrote to memory of 1712	1452	rundll32.exe	28
PID 1452 wrote to memory of 1712	1452	rundll32.exe	28
PID 1452 wrote to memory of 1712	1452	rundll32.exe	28
PID 1452 wrote to memory of 1712	1452	rundll32.exe	28
PID 1452 wrote to memory of 1712	1452	rundll32.exe	28
PID 1452 wrote to memory of 1712	1452	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec186e26a56135fe6bce054b67cc4f2b0e2c09688d508ded16df136ac4cc5513.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec186e26a56135fe6bce054b67cc4f2b0e2c09688d508ded16df136ac4cc5513.dll,#1
  2⤵
  PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1712-55-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download