e2a46aafae8a97db29c15e1b91b408310d976cec34cad0484df85ffab2435a90 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 22:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e2a46aafae8a97db29c15e1b91b408310d976cec34cad0484df85ffab2435a90.dll
Size

3KB
MD5

78e84743b8ba9552b3fc50d47e1da310
SHA1

0077cd0a972f4e28cb23dc2bc01b0381629a1627
SHA256

e2a46aafae8a97db29c15e1b91b408310d976cec34cad0484df85ffab2435a90
SHA512

1db9e39fb126684bda9ef36c58a3f14e0e74407a29f32aebdbb2414af36b6e54080784059e39e7dd746d83001b05a4ff352138e0a188a44a0215d2fa778abd38

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2004	1948	rundll32.exe	28
PID 1948 wrote to memory of 2004	1948	rundll32.exe	28
PID 1948 wrote to memory of 2004	1948	rundll32.exe	28
PID 1948 wrote to memory of 2004	1948	rundll32.exe	28
PID 1948 wrote to memory of 2004	1948	rundll32.exe	28
PID 1948 wrote to memory of 2004	1948	rundll32.exe	28
PID 1948 wrote to memory of 2004	1948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2a46aafae8a97db29c15e1b91b408310d976cec34cad0484df85ffab2435a90.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2a46aafae8a97db29c15e1b91b408310d976cec34cad0484df85ffab2435a90.dll,#1
  2⤵
  PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-55-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download