714166a10ff06c55045c2aa4f709c9b69c3fbfea829e5789f0f3bba9de045788 | Triage

Analysis

max time kernel
37s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 09:57

Sharing

Report Analysis Logs

General

Target

714166a10ff06c55045c2aa4f709c9b69c3fbfea829e5789f0f3bba9de045788.dll
Size

3KB
MD5

67ebb1c80bf05241a6eace928d68f42a
SHA1

78ada0567ee605e54862c429648f88a53501e3be
SHA256

714166a10ff06c55045c2aa4f709c9b69c3fbfea829e5789f0f3bba9de045788
SHA512

49a6c21c1f390980b3be937eb6b8a5ab7b67fbb891ff61a83f6e22d53cabc5dd16e849cb682572303ac4420f09d253c1d4e5ce9796a9d7514f65ba6edb04efaa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1964	1324	rundll32.exe	28
PID 1324 wrote to memory of 1964	1324	rundll32.exe	28
PID 1324 wrote to memory of 1964	1324	rundll32.exe	28
PID 1324 wrote to memory of 1964	1324	rundll32.exe	28
PID 1324 wrote to memory of 1964	1324	rundll32.exe	28
PID 1324 wrote to memory of 1964	1324	rundll32.exe	28
PID 1324 wrote to memory of 1964	1324	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\714166a10ff06c55045c2aa4f709c9b69c3fbfea829e5789f0f3bba9de045788.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\714166a10ff06c55045c2aa4f709c9b69c3fbfea829e5789f0f3bba9de045788.dll,#1
  2⤵
  PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1964-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download