8ce48021cd67602ca13c24711385af7401e71a8a6c85a4dbae02a1a3a5453edf | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 21:20

Sharing

Report Analysis Logs

General

Target

8ce48021cd67602ca13c24711385af7401e71a8a6c85a4dbae02a1a3a5453edf.dll
Size

3KB
MD5

0e4395c1ecc213270d03166a62f6cc59
SHA1

a47a6fb6242c749dd8cf04e2c24c1d4abeece187
SHA256

8ce48021cd67602ca13c24711385af7401e71a8a6c85a4dbae02a1a3a5453edf
SHA512

1490086636c65ecb1991894a5a231f786fc485e233301ce4ed62bcc1d841603960b893fc5396a3fbe01cf5bc7bb0e68bb6e1d06b20af1d695f0f3d9278310ba4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28
PID 1676 wrote to memory of 112	1676	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ce48021cd67602ca13c24711385af7401e71a8a6c85a4dbae02a1a3a5453edf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ce48021cd67602ca13c24711385af7401e71a8a6c85a4dbae02a1a3a5453edf.dll,#1
  2⤵
  PID:112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/112-55-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download