56ddaec602d06399ffc8d7037c9eb5ef391f49fffb0393535e7fc0d62c37bd9a | Triage

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 21:41

Sharing

Report Analysis Logs

General

Target

56ddaec602d06399ffc8d7037c9eb5ef391f49fffb0393535e7fc0d62c37bd9a.dll
Size

3KB
MD5

001534ae235b22fb7e152cb83c647b16
SHA1

295b1e416fa6bf4c08560f567ad2247bebf0812a
SHA256

56ddaec602d06399ffc8d7037c9eb5ef391f49fffb0393535e7fc0d62c37bd9a
SHA512

4cefa1f2865b58ac2d49a57b85090fb0c41eb0b8dee4f4af0392359d220767281a9ebb5feb526a3934e3815233efd7c6b4661ed85bac3f011a6166aa177edaa4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26
PID 1976 wrote to memory of 1980	1976	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\56ddaec602d06399ffc8d7037c9eb5ef391f49fffb0393535e7fc0d62c37bd9a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\56ddaec602d06399ffc8d7037c9eb5ef391f49fffb0393535e7fc0d62c37bd9a.dll,#1
  2⤵
  PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1980-55-0x00000000754E1000-0x00000000754E3000-memory.dmp

Filesize
8KB

Download