ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c | Triage

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 15:05

Sharing

Report Analysis Logs

General

Target

ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll
Size

3KB
MD5

cb05f13ba65c5359e654e27dff8edd9b
SHA1

b78a695f911f0447f6ab2d85e413aeb71a046686
SHA256

ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c
SHA512

65631e646403e9031a536b77c844fb4fdb523bcae095d3ab43e5bf195ad112d8397fbc12e8fbfc948241da88938294e159b83621bea8d37f6003f7c21bc8d6c9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 972	1812	rundll32.exe	27
PID 1812 wrote to memory of 972	1812	rundll32.exe	27
PID 1812 wrote to memory of 972	1812	rundll32.exe	27
PID 1812 wrote to memory of 972	1812	rundll32.exe	27
PID 1812 wrote to memory of 972	1812	rundll32.exe	27
PID 1812 wrote to memory of 972	1812	rundll32.exe	27
PID 1812 wrote to memory of 972	1812	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll,#1
  2⤵
  PID:972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/972-55-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download