c7755df2f43949b827535554d143562e6574079fc426f6bdd8e6658a3d0eadd6 | Triage

Analysis

max time kernel
15s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 21:53

Sharing

Report Analysis Logs

General

Target

c7755df2f43949b827535554d143562e6574079fc426f6bdd8e6658a3d0eadd6.dll
Size

3KB
MD5

addbb430717b67a7c581060c518d94e0
SHA1

48ce9463070f632ce87541c58648570d6a4654fe
SHA256

c7755df2f43949b827535554d143562e6574079fc426f6bdd8e6658a3d0eadd6
SHA512

5e4a29b6fbbb14abac2dcebffd62cd487c3e8aac642e517148377a5b555db0891ffed6baeb98c640883f22dd5b932cfcf647c45f08f424540198e04ddb3045ee

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2008	1932	rundll32.exe	28
PID 1932 wrote to memory of 2008	1932	rundll32.exe	28
PID 1932 wrote to memory of 2008	1932	rundll32.exe	28
PID 1932 wrote to memory of 2008	1932	rundll32.exe	28
PID 1932 wrote to memory of 2008	1932	rundll32.exe	28
PID 1932 wrote to memory of 2008	1932	rundll32.exe	28
PID 1932 wrote to memory of 2008	1932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7755df2f43949b827535554d143562e6574079fc426f6bdd8e6658a3d0eadd6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7755df2f43949b827535554d143562e6574079fc426f6bdd8e6658a3d0eadd6.dll,#1
  2⤵
  PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2008-55-0x0000000076181000-0x0000000076183000-memory.dmp

Filesize
8KB

Download