77b6a330ee5082228e6a158371815fb155f73099fe4f98f38427c16554e2b030 | Triage

Analysis

max time kernel
7s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 04:53

Sharing

Report Analysis Logs

General

Target

77b6a330ee5082228e6a158371815fb155f73099fe4f98f38427c16554e2b030.dll
Size

4KB
MD5

cb365cc731d2fdbe93162fbf91869560
SHA1

f8d7e9558040c6043769c7581c4cd22a928aa41e
SHA256

77b6a330ee5082228e6a158371815fb155f73099fe4f98f38427c16554e2b030
SHA512

04a5469bf7861b2e819d4e614f4e9e661ad20fe74f890dfd7767bdb3c3273993173d727aa5eac065fd81e2bb026d033708f6d7bfbbc3537b8a47063ef0e0f66c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1420	2036	rundll32.exe	28
PID 2036 wrote to memory of 1420	2036	rundll32.exe	28
PID 2036 wrote to memory of 1420	2036	rundll32.exe	28
PID 2036 wrote to memory of 1420	2036	rundll32.exe	28
PID 2036 wrote to memory of 1420	2036	rundll32.exe	28
PID 2036 wrote to memory of 1420	2036	rundll32.exe	28
PID 2036 wrote to memory of 1420	2036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77b6a330ee5082228e6a158371815fb155f73099fe4f98f38427c16554e2b030.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\77b6a330ee5082228e6a158371815fb155f73099fe4f98f38427c16554e2b030.dll,#1
  2⤵
  PID:1420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1420-54-0x0000000000000000-mapping.dmp

Download
memory/1420-55-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download