5cff2a200bd73f61de73d6ddf01f5d9f1440cf44c80a2a9cedbc3d45e64977b7 | Triage

Analysis

max time kernel
9s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:48

Sharing

Report Analysis Logs

General

Target

5cff2a200bd73f61de73d6ddf01f5d9f1440cf44c80a2a9cedbc3d45e64977b7.dll
Size

4KB
MD5

758bbbaae31521ae5d262851cf6f55b0
SHA1

831f7d95d574433fd506661500ab4895c4c2ebc2
SHA256

5cff2a200bd73f61de73d6ddf01f5d9f1440cf44c80a2a9cedbc3d45e64977b7
SHA512

efd253c14e4cc62fb706950204bfb2ec287dd8862d9d2c416a918b6478334b5fe227abd95271de67c1de6f1ac7f5c345ea21ea80619a2aee4d5abefc3f3f15f9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 832	1772	rundll32.exe	28
PID 1772 wrote to memory of 832	1772	rundll32.exe	28
PID 1772 wrote to memory of 832	1772	rundll32.exe	28
PID 1772 wrote to memory of 832	1772	rundll32.exe	28
PID 1772 wrote to memory of 832	1772	rundll32.exe	28
PID 1772 wrote to memory of 832	1772	rundll32.exe	28
PID 1772 wrote to memory of 832	1772	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cff2a200bd73f61de73d6ddf01f5d9f1440cf44c80a2a9cedbc3d45e64977b7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cff2a200bd73f61de73d6ddf01f5d9f1440cf44c80a2a9cedbc3d45e64977b7.dll,#1
  2⤵
  PID:832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/832-55-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download