738db198323e2e66313a2832f45061d008fe1f6ed55031ca47c09d9174ec4783 | Triage

Analysis

max time kernel
21s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 00:49

Sharing

Report Analysis Logs

General

Target

738db198323e2e66313a2832f45061d008fe1f6ed55031ca47c09d9174ec4783.dll
Size

4KB
MD5

8513a2f638ff41ed867db35bcc5894dd
SHA1

23f32c5852d24da047e47af25179f2594ee5349f
SHA256

738db198323e2e66313a2832f45061d008fe1f6ed55031ca47c09d9174ec4783
SHA512

97ecd0f510e3cd02dce5d9278e363738148d69a56273a4b62798300fb994b8421745dcc81eca58f67311167f73c303a9d8abbbe9341b4858899c61e0cf6f4369

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 960	1996	rundll32.exe	27
PID 1996 wrote to memory of 960	1996	rundll32.exe	27
PID 1996 wrote to memory of 960	1996	rundll32.exe	27
PID 1996 wrote to memory of 960	1996	rundll32.exe	27
PID 1996 wrote to memory of 960	1996	rundll32.exe	27
PID 1996 wrote to memory of 960	1996	rundll32.exe	27
PID 1996 wrote to memory of 960	1996	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\738db198323e2e66313a2832f45061d008fe1f6ed55031ca47c09d9174ec4783.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\738db198323e2e66313a2832f45061d008fe1f6ed55031ca47c09d9174ec4783.dll,#1
  2⤵
  PID:960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-55-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download