ac7e47e5c681d4541e34f0471a25752933c3dbc4dfae60ce10f1d7bf0429b22d | Triage

Analysis

max time kernel
39s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14/10/2022, 10:35

Sharing

Report Analysis Logs

General

Target

ac7e47e5c681d4541e34f0471a25752933c3dbc4dfae60ce10f1d7bf0429b22d.dll
Size

3KB
MD5

6b697d5aedd5ea54ed02a11e6e6e10ef
SHA1

824864627b220a887afb1f8f503ddecfda1c7ad7
SHA256

ac7e47e5c681d4541e34f0471a25752933c3dbc4dfae60ce10f1d7bf0429b22d
SHA512

673e5a9c01d8b4bec4eccdb462bcd46971c2d2fe168e201e6a0788485ff8790d93200c1dc59e701ffe31ec10873c1324f38301eeaba227e8f3eea52c136c4d0b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 988	1732	rundll32.exe	27
PID 1732 wrote to memory of 988	1732	rundll32.exe	27
PID 1732 wrote to memory of 988	1732	rundll32.exe	27
PID 1732 wrote to memory of 988	1732	rundll32.exe	27
PID 1732 wrote to memory of 988	1732	rundll32.exe	27
PID 1732 wrote to memory of 988	1732	rundll32.exe	27
PID 1732 wrote to memory of 988	1732	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac7e47e5c681d4541e34f0471a25752933c3dbc4dfae60ce10f1d7bf0429b22d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac7e47e5c681d4541e34f0471a25752933c3dbc4dfae60ce10f1d7bf0429b22d.dll,#1
  2⤵
  PID:988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/988-55-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download