178befaaca68c0d96e0effd129753d74e016975572485155d28a8d8755b5456c | Triage

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 18:45

Sharing

Report Analysis Logs

General

Target

178befaaca68c0d96e0effd129753d74e016975572485155d28a8d8755b5456c.dll
Size

3KB
MD5

5cf35c56dd4f7847ff63fb8cfb77a700
SHA1

aed0e21bea855b85bb46600da0cf6cf117954b25
SHA256

178befaaca68c0d96e0effd129753d74e016975572485155d28a8d8755b5456c
SHA512

a780c5f98d5862810fa6d28fdab1607d848ab3d04f8abc4c97224334dae4813e2a096547ef52a6085f280f8e1f5eb431d74a3a3a751720f133f3fbb0f057605f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\178befaaca68c0d96e0effd129753d74e016975572485155d28a8d8755b5456c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\178befaaca68c0d96e0effd129753d74e016975572485155d28a8d8755b5456c.dll,#1
  2⤵
  PID:1344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1344-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download