e63333bc5e27eab994c0094bb916997442b0674eb6003abd6ebdd7ade490ee6b | Triage

Analysis

max time kernel
28s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 18:06

Sharing

Report Analysis Logs

General

Target

e63333bc5e27eab994c0094bb916997442b0674eb6003abd6ebdd7ade490ee6b.dll
Size

3KB
MD5

02c2ec9d5c41f62885f981646d6332aa
SHA1

4336c0e7cec7ee2c0b013a8aff2f320f2afade42
SHA256

e63333bc5e27eab994c0094bb916997442b0674eb6003abd6ebdd7ade490ee6b
SHA512

65d23f8bcc8b875ec2f6630c08ef3059a5acde320e05025d886a99279d26508e76d0da2195e6e28ef0a73b670c5629b0732b596da7b23e2395321689e06df0d5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e63333bc5e27eab994c0094bb916997442b0674eb6003abd6ebdd7ade490ee6b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e63333bc5e27eab994c0094bb916997442b0674eb6003abd6ebdd7ade490ee6b.dll,#1
  2⤵
  PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1956-54-0x0000000000000000-mapping.dmp

Download
memory/1956-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download