4dea31753779c07c3b64fb7d520cd814a20528007d7b2715611796a1c47c705b | Triage

Analysis

max time kernel
8s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:49

Sharing

Report Analysis Logs

General

Target

4dea31753779c07c3b64fb7d520cd814a20528007d7b2715611796a1c47c705b.dll
Size

4KB
MD5

cc549690178d33fffc0dd62844db0f20
SHA1

1bc8bd09d55734e467dc9c20b2f0b2c15d306d5f
SHA256

4dea31753779c07c3b64fb7d520cd814a20528007d7b2715611796a1c47c705b
SHA512

e2a5f3b0f333944655719795af8db8cef6927da5f8733443c0fe8da39ec0635e0e765a09576dfc01086e1b28224806e373e609e847570f8ff3b3aa252e4e168b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4dea31753779c07c3b64fb7d520cd814a20528007d7b2715611796a1c47c705b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4dea31753779c07c3b64fb7d520cd814a20528007d7b2715611796a1c47c705b.dll,#1
  2⤵
  PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-55-0x0000000075C41000-0x0000000075C43000-memory.dmp

Filesize
8KB

Download