74f0d407b49b8b0cd3d295720fac1893a0a247c67a8db0979e88b7e387bc9159 | Triage

Analysis

max time kernel
20s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

74f0d407b49b8b0cd3d295720fac1893a0a247c67a8db0979e88b7e387bc9159.dll
Size

4KB
MD5

03b1b7e86690227f65068aad05c9a910
SHA1

598a4baf92bd68902fa33cd5a556aa02d9d63b02
SHA256

74f0d407b49b8b0cd3d295720fac1893a0a247c67a8db0979e88b7e387bc9159
SHA512

c4c5fda6fa6b5d1ad4d46a91818af172c481443ee8c26ae5d7fd0fc0ad75f890e5f8fac4452cc4a5085a9ddce02f456552d636e43c5546e280b65a762b409f86

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 2032	1404	rundll32.exe	28
PID 1404 wrote to memory of 2032	1404	rundll32.exe	28
PID 1404 wrote to memory of 2032	1404	rundll32.exe	28
PID 1404 wrote to memory of 2032	1404	rundll32.exe	28
PID 1404 wrote to memory of 2032	1404	rundll32.exe	28
PID 1404 wrote to memory of 2032	1404	rundll32.exe	28
PID 1404 wrote to memory of 2032	1404	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f0d407b49b8b0cd3d295720fac1893a0a247c67a8db0979e88b7e387bc9159.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f0d407b49b8b0cd3d295720fac1893a0a247c67a8db0979e88b7e387bc9159.dll,#1
  2⤵
  PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-55-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download