e41ea8b78f0e5ea10b4f8ffa9735e975da20493257e3aadf653c83b647c94552 | Triage

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 21:52

Sharing

Report Analysis Logs

General

Target

e41ea8b78f0e5ea10b4f8ffa9735e975da20493257e3aadf653c83b647c94552.dll
Size

3KB
MD5

e00dad06e084c42b686d5344d35b842d
SHA1

511c6355448bbc4d9957a172b6a27577f9400d04
SHA256

e41ea8b78f0e5ea10b4f8ffa9735e975da20493257e3aadf653c83b647c94552
SHA512

12483a135a6cba86419a3f10a160251d516f6c300f8b011d0f8dd7ba8036abf85c97895af95f939b73c1485b261a1da9ab429aca24f3d55a9d75f90f67ae9005

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27
PID 860 wrote to memory of 1252	860	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e41ea8b78f0e5ea10b4f8ffa9735e975da20493257e3aadf653c83b647c94552.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e41ea8b78f0e5ea10b4f8ffa9735e975da20493257e3aadf653c83b647c94552.dll,#1
  2⤵
  PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1252-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download