3bb25eaaf29083dd529ced801f2e61b753856df745de32b9a45991e5b8c56232 | Triage

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 01:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3bb25eaaf29083dd529ced801f2e61b753856df745de32b9a45991e5b8c56232.dll
Size

3KB
MD5

0d3f0744b7b4309a9a1200b653ec79f0
SHA1

16521ce6faeb588685ddb7baa30d7934fab25352
SHA256

3bb25eaaf29083dd529ced801f2e61b753856df745de32b9a45991e5b8c56232
SHA512

b90b602c319f38a7ee5a1aa7c67abc42ded0340fe76085a0988e47bd80f0d1a31936a7c227ba3022219f34f96eee1677f4f5936444c9d5ebd0c557571c11a3a9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 1896	560	rundll32.exe	28
PID 560 wrote to memory of 1896	560	rundll32.exe	28
PID 560 wrote to memory of 1896	560	rundll32.exe	28
PID 560 wrote to memory of 1896	560	rundll32.exe	28
PID 560 wrote to memory of 1896	560	rundll32.exe	28
PID 560 wrote to memory of 1896	560	rundll32.exe	28
PID 560 wrote to memory of 1896	560	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bb25eaaf29083dd529ced801f2e61b753856df745de32b9a45991e5b8c56232.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bb25eaaf29083dd529ced801f2e61b753856df745de32b9a45991e5b8c56232.dll,#1
  2⤵
  PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1896-55-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download