7a6573463af6e0773ca32503c4e0269e76989add0aaca0fee44b846f110f9c87 | Triage

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-10-2022 01:50

Sharing

Report Analysis Logs

General

Target

7a6573463af6e0773ca32503c4e0269e76989add0aaca0fee44b846f110f9c87.dll
Size

3KB
MD5

5c3a50bb778189bf20e22d466c3694f4
SHA1

490cb74426564b951f1427ff98aefb34288bfed1
SHA256

7a6573463af6e0773ca32503c4e0269e76989add0aaca0fee44b846f110f9c87
SHA512

3ca8d89029fbf720a0a4d3c0fa3144d7d4b9fada6e69947cad278879fd85c6b950c8d4b01718fe71d12280613c9df0b933c40905c00f075fdba93885857b6c97

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 1124	1168	rundll32.exe	27
PID 1168 wrote to memory of 1124	1168	rundll32.exe	27
PID 1168 wrote to memory of 1124	1168	rundll32.exe	27
PID 1168 wrote to memory of 1124	1168	rundll32.exe	27
PID 1168 wrote to memory of 1124	1168	rundll32.exe	27
PID 1168 wrote to memory of 1124	1168	rundll32.exe	27
PID 1168 wrote to memory of 1124	1168	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a6573463af6e0773ca32503c4e0269e76989add0aaca0fee44b846f110f9c87.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a6573463af6e0773ca32503c4e0269e76989add0aaca0fee44b846f110f9c87.dll,#1
  2⤵
  PID:1124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1124-54-0x0000000000000000-mapping.dmp

Download
memory/1124-55-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download