5c1ff88eb237b54f586344de8d3fdb9c4203a0b4d18dbb5fc9aa448f00cb7be3 | Triage

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:45

Sharing

Report Analysis Logs

General

Target

download.exe.dll
Size

9KB
MD5

2e30e9db2016f9cb67d0f5ec4ca3d0a3
SHA1

6eacee453bed66ce967395c5636230280f927e40
SHA256

5c1ff88eb237b54f586344de8d3fdb9c4203a0b4d18dbb5fc9aa448f00cb7be3
SHA512

0dae63128f710cc0e4c2bec117021c36ad36ed767f89374f08675b8569a063ad88c80428eede3431129e2d20091a1fe5c7e0f40dceb63dadbb8ce953980f297c
SSDEEP

192:dHB4tBS5sNLH99AIj0S4VG1XCoqftVMvDhaK1:dHiNND99AIj09OXCpe1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1768 wrote to memory of 1284	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1284	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1284	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1284	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1284	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1284	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1284	1768	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\download.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\download.exe.dll,#1
2⤵
PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1284-54-0x0000000000000000-mapping.dmp

Download
memory/1284-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download