62a75ba8789989df050b74e5cdde094c85862661b4e2995190ebef595113c2cb | Triage

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 02:04

Sharing

Report Analysis Logs

General

Target

62a75ba8789989df050b74e5cdde094c85862661b4e2995190ebef595113c2cb.dll
Size

3KB
MD5

18e686b7c1c1ff47a7da23bfc031148f
SHA1

b5807e712dfdc8c97b4bc81ff8101e425cbdf9ab
SHA256

62a75ba8789989df050b74e5cdde094c85862661b4e2995190ebef595113c2cb
SHA512

fe4d02cc3ac09d984a72f5fe6a3035ac721ede57f92aade7b5d552e2c4052729b59d51a8338afff9b3c29074551e7d72b3c990133d81c589a7dec7c1ad75be80

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27
PID 1228 wrote to memory of 1548	1228	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62a75ba8789989df050b74e5cdde094c85862661b4e2995190ebef595113c2cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\62a75ba8789989df050b74e5cdde094c85862661b4e2995190ebef595113c2cb.dll,#1
  2⤵
  PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1548-54-0x0000000000000000-mapping.dmp

Download
memory/1548-55-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download