d03e8eeed0c1cf9dd86d520e6be36fff37bb77dfa6b2edba7e73e22004148969 | Triage

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 09:54

Sharing

Report Analysis Logs

General

Target

d03e8eeed0c1cf9dd86d520e6be36fff37bb77dfa6b2edba7e73e22004148969.dll
Size

3KB
MD5

1181f67631ab911a68524af80e5297a7
SHA1

efcc4c5cd6b3b6cc2c10bc788c45d3c437dbc01e
SHA256

d03e8eeed0c1cf9dd86d520e6be36fff37bb77dfa6b2edba7e73e22004148969
SHA512

114506ec3e9d6766843c7612b3361008ce7916acfc1aa914e4b042002eea268fe655fc62ca77fde427461ca840433cf68f889a16a607375e8facdd420b5f6705

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d03e8eeed0c1cf9dd86d520e6be36fff37bb77dfa6b2edba7e73e22004148969.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d03e8eeed0c1cf9dd86d520e6be36fff37bb77dfa6b2edba7e73e22004148969.dll,#1
  2⤵
  PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1112-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download