739bbdac1d70d28bbce4552eb545e9a9e2504610a52407965d6ecb4bd3525d51 | Triage

Analysis

max time kernel
22s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 15:08

Sharing

Report Analysis Logs

General

Target

739bbdac1d70d28bbce4552eb545e9a9e2504610a52407965d6ecb4bd3525d51.dll
Size

3KB
MD5

16affbf0bc2cd187e3a7378311239c36
SHA1

452ff7f159e024ae3cfe6b0d21976c55a8947418
SHA256

739bbdac1d70d28bbce4552eb545e9a9e2504610a52407965d6ecb4bd3525d51
SHA512

251b9a0a67e9af12f5f6a9ded3046447401b784b71d59005c3e1c05ed764916c32cc27baa45d3ab7b9b932da008f8c4fa89611b6514709fdc68c8d6a349f3a69

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\739bbdac1d70d28bbce4552eb545e9a9e2504610a52407965d6ecb4bd3525d51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\739bbdac1d70d28bbce4552eb545e9a9e2504610a52407965d6ecb4bd3525d51.dll,#1
  2⤵
  PID:1380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1380-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download