258392c52cc9e4d65fe9a62c45891b2e28f6f3dcd34592af33536aa8d6e4f831 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 20:48

Sharing

Report Analysis Logs

General

Target

258392c52cc9e4d65fe9a62c45891b2e28f6f3dcd34592af33536aa8d6e4f831.dll
Size

3KB
MD5

a242d9c820326428990bec98453f32af
SHA1

dbe669ec1a55149d474b18e889db7c4e6c0ff0cb
SHA256

258392c52cc9e4d65fe9a62c45891b2e28f6f3dcd34592af33536aa8d6e4f831
SHA512

d3a21a15608d29c8e0137de95f742b0a343e08cebdac450ba8ddcd2adb9896739280879b0f23f1db67c4fcb0c446cdb76a1e536624aee520e56c92a0ed7c83ff

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28
PID 1372 wrote to memory of 1680	1372	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\258392c52cc9e4d65fe9a62c45891b2e28f6f3dcd34592af33536aa8d6e4f831.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\258392c52cc9e4d65fe9a62c45891b2e28f6f3dcd34592af33536aa8d6e4f831.dll,#1
  2⤵
  PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-55-0x0000000075921000-0x0000000075923000-memory.dmp

Filesize
8KB

Download