bcc3a87d156f4f2f595542c3d00e49011b810cf068b8afdd09c15cc354ac04c5 | Triage

Analysis

max time kernel
55s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:34

Sharing

Report Analysis Logs

General

Target

bcc3a87d156f4f2f595542c3d00e49011b810cf068b8afdd09c15cc354ac04c5.dll
Size

3KB
MD5

56e4a63be1a65a7cab106f25d9515930
SHA1

7e1d899dc2ebd6b24c5481716155d71715a2e1f0
SHA256

bcc3a87d156f4f2f595542c3d00e49011b810cf068b8afdd09c15cc354ac04c5
SHA512

d62903acbb4f42aae7f443454221b5a2db53af92fe42b1d91084173e61b28febaa51577a197dd14dfdc429855b53ec4d301b7138ede55a7fac7090db88c26411

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28
PID 1456 wrote to memory of 1772	1456	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcc3a87d156f4f2f595542c3d00e49011b810cf068b8afdd09c15cc354ac04c5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcc3a87d156f4f2f595542c3d00e49011b810cf068b8afdd09c15cc354ac04c5.dll,#1
  2⤵
  PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1772-55-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download