d5dc1bc943436563c1352c70209bf3257bbcefc7b90fc49b52c20f61aeeb17fb | Triage

Analysis

max time kernel
8s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 20:43

Sharing

Report Analysis Logs

General

Target

d5dc1bc943436563c1352c70209bf3257bbcefc7b90fc49b52c20f61aeeb17fb.dll
Size

4KB
MD5

820ddabe8493098314ff2adff7b0b4ab
SHA1

6d422e1c20fa47e0d0fd2071d6a55f47d3d3546e
SHA256

d5dc1bc943436563c1352c70209bf3257bbcefc7b90fc49b52c20f61aeeb17fb
SHA512

ac4d90878cb3d583d5475058377be752c9139ddd579f5a2a6e2e9fa422297f1560458f6e3d3e1ba7e18619cae6a5295b78e164a448255de65675d608af7e4b90

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 768	968	rundll32.exe	28
PID 968 wrote to memory of 768	968	rundll32.exe	28
PID 968 wrote to memory of 768	968	rundll32.exe	28
PID 968 wrote to memory of 768	968	rundll32.exe	28
PID 968 wrote to memory of 768	968	rundll32.exe	28
PID 968 wrote to memory of 768	968	rundll32.exe	28
PID 968 wrote to memory of 768	968	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5dc1bc943436563c1352c70209bf3257bbcefc7b90fc49b52c20f61aeeb17fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5dc1bc943436563c1352c70209bf3257bbcefc7b90fc49b52c20f61aeeb17fb.dll,#1
  2⤵
  PID:768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/768-55-0x0000000076091000-0x0000000076093000-memory.dmp

Filesize
8KB

Download