7679dc9331447348c977a425aa56017ecb0d49e10818e86fbb520f051d4b2cd1 | Triage

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 14:50

Sharing

Report Analysis Logs

General

Target

7679dc9331447348c977a425aa56017ecb0d49e10818e86fbb520f051d4b2cd1.dll
Size

3KB
MD5

80a8128860a4b7d9397a710e8034f987
SHA1

77b5c6f662dedfb5df583479948ed13f8f9b6cac
SHA256

7679dc9331447348c977a425aa56017ecb0d49e10818e86fbb520f051d4b2cd1
SHA512

a9922269bff27193e2e95136f17a93275a05c91c504be98b7c9434f6a427690de7f2baadcfb6e036a5b5ebca28efc95d91bc506d7f9b6af01db671e909aa762f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2012	1304	rundll32.exe	27
PID 1304 wrote to memory of 2012	1304	rundll32.exe	27
PID 1304 wrote to memory of 2012	1304	rundll32.exe	27
PID 1304 wrote to memory of 2012	1304	rundll32.exe	27
PID 1304 wrote to memory of 2012	1304	rundll32.exe	27
PID 1304 wrote to memory of 2012	1304	rundll32.exe	27
PID 1304 wrote to memory of 2012	1304	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7679dc9331447348c977a425aa56017ecb0d49e10818e86fbb520f051d4b2cd1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7679dc9331447348c977a425aa56017ecb0d49e10818e86fbb520f051d4b2cd1.dll,#1
  2⤵
  PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download