8e78756456fb2657e7716a989ed4809dcc54d4bd075f1b9ef0462ee5e5d73cc7 | Triage

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 02:11

Sharing

Report Analysis Logs

General

Target

8e78756456fb2657e7716a989ed4809dcc54d4bd075f1b9ef0462ee5e5d73cc7.dll
Size

4KB
MD5

3027b1e6821bb13c4d3331a4d9679ba0
SHA1

9bdd782a43f2e205bf23202e8f5da4b456d68acf
SHA256

8e78756456fb2657e7716a989ed4809dcc54d4bd075f1b9ef0462ee5e5d73cc7
SHA512

11abb5563792bc4427b5ebf46a55e5c5e4450aa130940526fffb826c870678812a183430b624ebb63ad2fc46d14d49faec6646e65b201b10972f88a08bd9c6ec

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e78756456fb2657e7716a989ed4809dcc54d4bd075f1b9ef0462ee5e5d73cc7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e78756456fb2657e7716a989ed4809dcc54d4bd075f1b9ef0462ee5e5d73cc7.dll,#1
  2⤵
  PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1360-55-0x00000000756A1000-0x00000000756A3000-memory.dmp

Filesize
8KB

Download