348c03a90d02f800123d7cb4ef62409d4049baa094a69a2e34210e11dc87b8e3 | Triage

Analysis

max time kernel
42s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 05:51

Sharing

Report Analysis Logs

General

Target

348c03a90d02f800123d7cb4ef62409d4049baa094a69a2e34210e11dc87b8e3.dll
Size

4KB
MD5

74e0c3aa627757e180e17431603fe9d0
SHA1

b14d8f160b39a12fb4a9b939e5b40a0ed991b881
SHA256

348c03a90d02f800123d7cb4ef62409d4049baa094a69a2e34210e11dc87b8e3
SHA512

372ef4b55e32ed3d911a401fdc9ecaa295e72b39c6a1ae26c652acd139189e87df6193bc985ff261c6a34c39b99b7b93a3592053fad8baba003563f652f3b2b7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27
PID 1752 wrote to memory of 1720	1752	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\348c03a90d02f800123d7cb4ef62409d4049baa094a69a2e34210e11dc87b8e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\348c03a90d02f800123d7cb4ef62409d4049baa094a69a2e34210e11dc87b8e3.dll,#1
  2⤵
  PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1720-55-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download