e2f383123254f5b4a91cc8ea7fbe6d2a44c779368777207736a02a125d5c477b | Triage

Analysis

max time kernel
78s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 13:31

Sharing

Report Analysis Logs

General

Target

wsc.dll
Size

76KB
MD5

dc52696888f68d5b0e3d5e810c0d2a3c
SHA1

f72a97bf9ab09b3639c3c58c9c34d3675a507b87
SHA256

a1640a83373a8ce9e80734418ee0b10d48d3d0d823883a519849b50710c9f46a
SHA512

22cbe643038002e2d9dec7ffed7ba445ee1288571b445a8156c8bc533815bd330098893792b43c5592a881675a089f0b0229a230672569c62fa1032bec5ffcb2
SSDEEP

768:QVoWTrjr3eBjVgiHYSNjhCgk5NwF6fA6QzJhmlx3eBtBAmtXEty:QXTaySjCJm3mHuNtXEt

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1256 wrote to memory of 1296	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1296	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1296	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1296	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1296	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1296	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1296	1256	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wsc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\wsc.dll,#1
  2⤵
  PID:1296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1296-54-0x0000000000000000-mapping.dmp

Download
memory/1296-55-0x0000000075D11000-0x0000000075D13000-memory.dmp

Filesize
8KB

Download