82c5b50fef7d05b8cee1e5845b6464340d85b0f5f9612a6ed75581bb744bc55a | Triage

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 09:57

Sharing

Report Analysis Logs

General

Target

82c5b50fef7d05b8cee1e5845b6464340d85b0f5f9612a6ed75581bb744bc55a.dll
Size

3KB
MD5

66b96c582c88ddfef68b746d4670a087
SHA1

4a3bedd2fd9c5e523bfeddd7e7d36fc6d526d44e
SHA256

82c5b50fef7d05b8cee1e5845b6464340d85b0f5f9612a6ed75581bb744bc55a
SHA512

e6f1af3e1b1feb8bf4f3f341aa6d1cb3775d0c852aae7640e0bcfbc771ec8a7d2b98e29dc30bdc68e009a1e295886908068637d1cfac0d5e6ea9161dd11cf2a6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 1884	780	rundll32.exe	28
PID 780 wrote to memory of 1884	780	rundll32.exe	28
PID 780 wrote to memory of 1884	780	rundll32.exe	28
PID 780 wrote to memory of 1884	780	rundll32.exe	28
PID 780 wrote to memory of 1884	780	rundll32.exe	28
PID 780 wrote to memory of 1884	780	rundll32.exe	28
PID 780 wrote to memory of 1884	780	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\82c5b50fef7d05b8cee1e5845b6464340d85b0f5f9612a6ed75581bb744bc55a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\82c5b50fef7d05b8cee1e5845b6464340d85b0f5f9612a6ed75581bb744bc55a.dll,#1
  2⤵
  PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-54-0x0000000000000000-mapping.dmp

Download
memory/1884-55-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download