39f95ecb7d82b71dcb4cc874ee1579a65869ec681dee38e7ba80da8f92ae9177 | Triage

Analysis

max time kernel
221s
max time network
335s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 22:18

Sharing

Report Analysis Logs

General

Target

autocopy/diskcopy.dll
Size

36KB
MD5

17d46b1daebb0db9c0905bc5270ff36b
SHA1

830df71f43ac6d213557592313d980d32d83b5be
SHA256

2f77e94fc834a2fffa1f7f9ebf72a0ef8913b361b1d2abbe85cbe323bfb26c3a
SHA512

adaf390e7b9559058b4e552ebb38c2283e69c5f79c75561aca31476baf9849228cd6a7d83cb16dd89f1bf16999b6c6fd3ba9fa5262e20a2d7d38974f7b60817d
SSDEEP

384:Q0OuGRgTNHhFJRmlMPNynvRyhKHHEoZo94heI3:ouAgTNBxknJhHHdZo92

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1708 wrote to memory of 756	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 756	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 756	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 756	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 756	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 756	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 756	1708	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\autocopy\diskcopy.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\autocopy\diskcopy.dll,#1
  2⤵
  PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/756-54-0x0000000000000000-mapping.dmp

Download
memory/756-55-0x0000000076D71000-0x0000000076D73000-memory.dmp

Filesize
8KB

Download