6c1c6d2345d5640d3e0f52e08dfd4f63f3406bde79b3039636fccedda929fc65 | Triage

Analysis

max time kernel
14s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 21:56

Sharing

Report Analysis Logs

General

Target

6c1c6d2345d5640d3e0f52e08dfd4f63f3406bde79b3039636fccedda929fc65.dll
Size

3KB
MD5

cf40f20222bf6c36c0ae643d1d3c44a0
SHA1

b7af79a406a83b9dcd05377c09efa52aec87ddf1
SHA256

6c1c6d2345d5640d3e0f52e08dfd4f63f3406bde79b3039636fccedda929fc65
SHA512

24808b03231f45e75945af26ac1ef71d12292eef6a75af52aff066e0a032210d63abfaba2329b5c71b254df98dfacbe5d6f3e74e4f822c106ebfcc20eb9367e7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c1c6d2345d5640d3e0f52e08dfd4f63f3406bde79b3039636fccedda929fc65.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c1c6d2345d5640d3e0f52e08dfd4f63f3406bde79b3039636fccedda929fc65.dll,#1
  2⤵
  PID:1328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1328-54-0x0000000000000000-mapping.dmp

Download
memory/1328-55-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download