e33766d96566a91628a4274d1b2a614fabe51989c6e63fc451ad5891c5ca199c | Triage

Analysis

max time kernel
22s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 00:41

Sharing

Report Analysis Logs

General

Target

e33766d96566a91628a4274d1b2a614fabe51989c6e63fc451ad5891c5ca199c.dll
Size

3KB
MD5

9374fa04a9f93d86b370108c78186fcc
SHA1

1a4bad1067c5200e2031f1fe92c8acaab34836c8
SHA256

e33766d96566a91628a4274d1b2a614fabe51989c6e63fc451ad5891c5ca199c
SHA512

a0ef629e88bbf813dce2f69656f2833b5cabab14ee9d71b7ee76f14d2a4c4672b2ac24572c940614f86bcbb945b884988462cc72dce780fee266a188d0aeced4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28
PID 1948 wrote to memory of 1400	1948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e33766d96566a91628a4274d1b2a614fabe51989c6e63fc451ad5891c5ca199c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e33766d96566a91628a4274d1b2a614fabe51989c6e63fc451ad5891c5ca199c.dll,#1
  2⤵
  PID:1400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1400-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download