51f3f01feac18fbff6132a833316e5c50f67f99944ace702b43830a639559e2e | Triage

Analysis

max time kernel
33s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 10:42

Sharing

Report Analysis Logs

General

Target

51f3f01feac18fbff6132a833316e5c50f67f99944ace702b43830a639559e2e.dll
Size

3KB
MD5

90510ea567674278183576c8b63dd9e9
SHA1

a97ba999d55a6629a50d17e2289c9a6ed70093f9
SHA256

51f3f01feac18fbff6132a833316e5c50f67f99944ace702b43830a639559e2e
SHA512

8cf445ffd75b7d0fbb75dbc9a4cf296c95d9322af4bebc34ea1aaa0cff5a0e49c79c24741c05d965cf3f0ff4cb1dc1179bd47ea0cf040dd81fe7509e9d0d810f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1948	536	rundll32.exe	27
PID 536 wrote to memory of 1948	536	rundll32.exe	27
PID 536 wrote to memory of 1948	536	rundll32.exe	27
PID 536 wrote to memory of 1948	536	rundll32.exe	27
PID 536 wrote to memory of 1948	536	rundll32.exe	27
PID 536 wrote to memory of 1948	536	rundll32.exe	27
PID 536 wrote to memory of 1948	536	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\51f3f01feac18fbff6132a833316e5c50f67f99944ace702b43830a639559e2e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\51f3f01feac18fbff6132a833316e5c50f67f99944ace702b43830a639559e2e.dll,#1
  2⤵
  PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1948-54-0x0000000000000000-mapping.dmp

Download
memory/1948-55-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download