c55380df450344a09c1833f9d7ba23b32c2da8be10e4384c938a21737780ea91 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c55380df450344a09c1833f9d7ba23b32c2da8be10e4384c938a21737780ea91.dll
Size

4KB
MD5

abbc6e2396535db38a3369cf1c763390
SHA1

b2ce6175962ed4d3017e655c99212e0456781c07
SHA256

c55380df450344a09c1833f9d7ba23b32c2da8be10e4384c938a21737780ea91
SHA512

2f93a5127f1fa2e83a5384fc1ffcd25c77b53159e8b4ae3137a71364721bde345bb8b26a5e0adc4d61e734e58a9790094dc8f5f42d1af6e220fe0031196485a3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 856	1196	rundll32.exe	27
PID 1196 wrote to memory of 856	1196	rundll32.exe	27
PID 1196 wrote to memory of 856	1196	rundll32.exe	27
PID 1196 wrote to memory of 856	1196	rundll32.exe	27
PID 1196 wrote to memory of 856	1196	rundll32.exe	27
PID 1196 wrote to memory of 856	1196	rundll32.exe	27
PID 1196 wrote to memory of 856	1196	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c55380df450344a09c1833f9d7ba23b32c2da8be10e4384c938a21737780ea91.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c55380df450344a09c1833f9d7ba23b32c2da8be10e4384c938a21737780ea91.dll,#1
  2⤵
  PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/856-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download