7ce8edf50164d966c4bb9dbd8dcb1ca7999e83558733a0083e02a38ab839921f | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 20:47

Sharing

Report Analysis Logs

General

Target

7ce8edf50164d966c4bb9dbd8dcb1ca7999e83558733a0083e02a38ab839921f.dll
Size

3KB
MD5

82be2743e15955759cbdcb682787e173
SHA1

ef31c07026c350b1c0e6ea74c3926bc21a6b8181
SHA256

7ce8edf50164d966c4bb9dbd8dcb1ca7999e83558733a0083e02a38ab839921f
SHA512

043f422eebd9b561fa13ea1ba1ee1ee065a5e76c2a9c3035a0d1651bf1fd239eed40c3187f7b63f81cea15156e9c1bbbdf6055dab8b6d3775f52a485c5fb46e6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ce8edf50164d966c4bb9dbd8dcb1ca7999e83558733a0083e02a38ab839921f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ce8edf50164d966c4bb9dbd8dcb1ca7999e83558733a0083e02a38ab839921f.dll,#1
  2⤵
  PID:112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/112-55-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download