760c0eaffc5943a6b4ff839ed2782ab3d3626e5d12f5cbf07b8840bf78684588 | Triage

Analysis

max time kernel
46s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-10-2022 02:01

Sharing

Report Analysis Logs

General

Target

dumped.dll
Size

540KB
MD5

3aaf34ffbe45e4f54b37392ad1afe9a5
SHA1

950dedbae18a9901ef1148ac64feee781baa77b2
SHA256

760c0eaffc5943a6b4ff839ed2782ab3d3626e5d12f5cbf07b8840bf78684588
SHA512

ef84e91d0c7bdc4cf73220f46ad5aa9a60f064670d4d20b6e6eebdc101cd9bd68513b08508f0021bfa3c558ab2f5e1a9ae218aaeba6e032c4ac8c8258235943a
SSDEEP

1536:lTmE+L5AkTixchBOKinCZ3eGGb7dTR9kR:liEWPOQOKCCteb7he

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dumped.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dumped.dll,#1
  2⤵
  PID:1020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1020-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download