57c6d182dff02a52522fedd6236a5e23f136100904baf677e9611f511528fa36 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 14:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

57c6d182dff02a52522fedd6236a5e23f136100904baf677e9611f511528fa36.dll
Size

3KB
MD5

71997403ebc23b7622a984713c93c4c0
SHA1

7f7f31bad3c34da93d1fdd723d183cbae046b7ae
SHA256

57c6d182dff02a52522fedd6236a5e23f136100904baf677e9611f511528fa36
SHA512

f3ed7246f2c4dbac4552b88d46bfa0a7255a4217efd4a467576101a55c683b59419082c3e8059053a7fc125042b468128461dc1373595060ba0f674e4cb4ae25

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c6d182dff02a52522fedd6236a5e23f136100904baf677e9611f511528fa36.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c6d182dff02a52522fedd6236a5e23f136100904baf677e9611f511528fa36.dll,#1
  2⤵
  PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-55-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download