5cb1ba05a9ce6cb512c295782f8c0748b9b5ead1fe9385184978f84c2ab78b64 | Triage

Analysis

max time kernel
29s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 05:27

Sharing

Report Analysis Logs

General

Target

5cb1ba05a9ce6cb512c295782f8c0748b9b5ead1fe9385184978f84c2ab78b64.dll
Size

3KB
MD5

939eb5aec7c76504aaa9263bbaa0b020
SHA1

7df7ca44c8680d8e3ac0911e834fe859099fadff
SHA256

5cb1ba05a9ce6cb512c295782f8c0748b9b5ead1fe9385184978f84c2ab78b64
SHA512

8e8e6c7dbb45c52ce5bdc18900d57d07159baa8981443c6ce1aef2618db3c0934880308eb92e76ba04eff60b7a19f303f97908bcc8bb74aa3a3834ab290e9c39

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2024	2032	rundll32.exe	28
PID 2032 wrote to memory of 2024	2032	rundll32.exe	28
PID 2032 wrote to memory of 2024	2032	rundll32.exe	28
PID 2032 wrote to memory of 2024	2032	rundll32.exe	28
PID 2032 wrote to memory of 2024	2032	rundll32.exe	28
PID 2032 wrote to memory of 2024	2032	rundll32.exe	28
PID 2032 wrote to memory of 2024	2032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cb1ba05a9ce6cb512c295782f8c0748b9b5ead1fe9385184978f84c2ab78b64.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cb1ba05a9ce6cb512c295782f8c0748b9b5ead1fe9385184978f84c2ab78b64.dll,#1
  2⤵
  PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-55-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download