c7ec649ff362867a6c4fce7282df9649edd272ef43042609b3499e15d3f4a103 | Triage

Analysis

max time kernel
91s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 04:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c7ec649ff362867a6c4fce7282df9649edd272ef43042609b3499e15d3f4a103.dll
Size

3KB
MD5

4a69a6875e520679f0173a04af5d7fb0
SHA1

0b3e93d4f100f56160e557af044fb992e6c1a2f8
SHA256

c7ec649ff362867a6c4fce7282df9649edd272ef43042609b3499e15d3f4a103
SHA512

3a6757f45ca2f79ae60331b01b1558a74fda363a39182feb77e0d54976cd4ccef6f218b78aa5fa0f4dadf2384905d7dac067820d5e477ce54c1af5fe20560deb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 928	5080	rundll32.exe	81
PID 5080 wrote to memory of 928	5080	rundll32.exe	81
PID 5080 wrote to memory of 928	5080	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7ec649ff362867a6c4fce7282df9649edd272ef43042609b3499e15d3f4a103.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7ec649ff362867a6c4fce7282df9649edd272ef43042609b3499e15d3f4a103.dll,#1
  2⤵
  PID:928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads