769fbc2197d9e38d74c10b9ce850eb66f9453c6cc6e7fe338e02412cb4adb9a6 | Triage

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 13:23

Sharing

Report Analysis Logs

General

Target

769fbc2197d9e38d74c10b9ce850eb66f9453c6cc6e7fe338e02412cb4adb9a6.dll
Size

3KB
MD5

917f84344eff6fea48ebd6b9c209e960
SHA1

ea1a88efe3cf7dd0fe1f9039e744cce7ac3bbe0a
SHA256

769fbc2197d9e38d74c10b9ce850eb66f9453c6cc6e7fe338e02412cb4adb9a6
SHA512

229a9041c77967935a5066563eec446a0d779d2d9a7f814d0fa5aa41aa33c60b43ab3a359d52e9a2d89418d84b8172e8e1241b88a9bbc5811ec0e89593fc639f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\769fbc2197d9e38d74c10b9ce850eb66f9453c6cc6e7fe338e02412cb4adb9a6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\769fbc2197d9e38d74c10b9ce850eb66f9453c6cc6e7fe338e02412cb4adb9a6.dll,#1
  2⤵
  PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1356-55-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download