36d411d8c228e62542ba67cbceaa14df48c3ca2e949d469da2441f6a71111b6e | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 13:42

Sharing

Report Analysis Logs

General

Target

36d411d8c228e62542ba67cbceaa14df48c3ca2e949d469da2441f6a71111b6e.dll
Size

960B
MD5

13f1691f5b3023d4741bd165f8ad52ab
SHA1

593134bac9de7b05bdc17b48b7da26ef8e8a5049
SHA256

36d411d8c228e62542ba67cbceaa14df48c3ca2e949d469da2441f6a71111b6e
SHA512

be05d12621aa7a210c28a384a84ba539ccd6b6b929548fd24d14a7ddf21e7ebf89db36b57f3f4a3aa0a84e9745a82964d3af14e02815a1866a947e79fdd47cc2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27
PID 1660 wrote to memory of 1932	1660	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36d411d8c228e62542ba67cbceaa14df48c3ca2e949d469da2441f6a71111b6e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36d411d8c228e62542ba67cbceaa14df48c3ca2e949d469da2441f6a71111b6e.dll,#1
  2⤵
  PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-55-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download