d3197bc349955cb824994ee67005c97322aa26c17f99e133ef58ccc76a589815 | Triage

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 10:01

Sharing

Report Analysis Logs

General

Target

d3197bc349955cb824994ee67005c97322aa26c17f99e133ef58ccc76a589815.dll
Size

3KB
MD5

5d8b43d0b82eb7c26324716eed223ee1
SHA1

3af13c72ec07e51456ad09c61bcb1dc736bdd01e
SHA256

d3197bc349955cb824994ee67005c97322aa26c17f99e133ef58ccc76a589815
SHA512

c54db47ba125f9d563c3fa830d1fdb4bdc364b35123cd1f835b6f098df96d372b38b26129491ebe439f775a2526cc2fc88a41228ea1233398ece52af56f9cc2b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1580	1720	rundll32.exe	27
PID 1720 wrote to memory of 1580	1720	rundll32.exe	27
PID 1720 wrote to memory of 1580	1720	rundll32.exe	27
PID 1720 wrote to memory of 1580	1720	rundll32.exe	27
PID 1720 wrote to memory of 1580	1720	rundll32.exe	27
PID 1720 wrote to memory of 1580	1720	rundll32.exe	27
PID 1720 wrote to memory of 1580	1720	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3197bc349955cb824994ee67005c97322aa26c17f99e133ef58ccc76a589815.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3197bc349955cb824994ee67005c97322aa26c17f99e133ef58ccc76a589815.dll,#1
  2⤵
  PID:1580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1580-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download