176dc81a378253618e3797a667f4ec692d74b84e82752156563e872e3e984863 | Triage

Analysis

max time kernel
13s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 15:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

176dc81a378253618e3797a667f4ec692d74b84e82752156563e872e3e984863.dll
Size

3KB
MD5

0dee491279e6811f4b7437b9c8990a40
SHA1

1180d62a793294cfe9d698afdca9057cdf0e369a
SHA256

176dc81a378253618e3797a667f4ec692d74b84e82752156563e872e3e984863
SHA512

cc68af5b86ea6782b9b46e3e97c7511f6abc712defb7eadd9edf9a59a6427dd6ffd28fc532e43baf1c0b52aae2da89c4123e67d50448f38f623a77999965d335

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28
PID 1108 wrote to memory of 864	1108	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\176dc81a378253618e3797a667f4ec692d74b84e82752156563e872e3e984863.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\176dc81a378253618e3797a667f4ec692d74b84e82752156563e872e3e984863.dll,#1
  2⤵
  PID:864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/864-55-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download