9c3fbde46a640e9f56735158318fbf956df842c6334b6f4906ae6a24dc4c766b | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 22:38

Sharing

Report Analysis Logs

General

Target

9c3fbde46a640e9f56735158318fbf956df842c6334b6f4906ae6a24dc4c766b.dll
Size

3KB
MD5

42435a3c4eb5335f530c18e973cda1d0
SHA1

6e553a1e6e65ee96c3d9e5e0b6c7b9911763655d
SHA256

9c3fbde46a640e9f56735158318fbf956df842c6334b6f4906ae6a24dc4c766b
SHA512

024649f8059b3a3d72772d3337155a70f70127fb50f2e34191b8a6b144035b4c776b191e265c541bae270322a7bcd6a23bc31fa7e22405e180672c478d6df244

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c3fbde46a640e9f56735158318fbf956df842c6334b6f4906ae6a24dc4c766b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c3fbde46a640e9f56735158318fbf956df842c6334b6f4906ae6a24dc4c766b.dll,#1
  2⤵
  PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-55-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download