5b7f831d4e087f93acdc16e0ede220f82ee40baa882971e1941a64d43e686e23 | Triage

Analysis

max time kernel
27s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14/10/2022, 10:39

Sharing

Report Analysis Logs

General

Target

5b7f831d4e087f93acdc16e0ede220f82ee40baa882971e1941a64d43e686e23.dll
Size

4KB
MD5

6c910c8e735217132d9d1ce3eb092c09
SHA1

b5e227a6e7315808aab50d75c2372b2ae57df0a5
SHA256

5b7f831d4e087f93acdc16e0ede220f82ee40baa882971e1941a64d43e686e23
SHA512

32f39bf781313426f20b6669cdf733acc39a296e1ccc6d7ae687e0514187700672ac5e1c610a74d03697023ab7e4a94efda47b719b5e6ab3563dc313d16b02b5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b7f831d4e087f93acdc16e0ede220f82ee40baa882971e1941a64d43e686e23.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b7f831d4e087f93acdc16e0ede220f82ee40baa882971e1941a64d43e686e23.dll,#1
  2⤵
  PID:1644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1644-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download