59c998afcc8d078844ad555809c28c316907e19d9b8b2d846b6e5b65b9ec4547 | Triage

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:39

Sharing

Report Analysis Logs

General

Target

59c998afcc8d078844ad555809c28c316907e19d9b8b2d846b6e5b65b9ec4547.dll
Size

3KB
MD5

38f20e7761ece234bf68dd2c8361be80
SHA1

e612e6845ee771be6ebe2a7b0024a51ed69bd8cd
SHA256

59c998afcc8d078844ad555809c28c316907e19d9b8b2d846b6e5b65b9ec4547
SHA512

db4069e1b00083c0eaf41ffbd39d6d0dc99aff8087df6ad4fc7c3e85ca06d04cb55f1c79fadf08645b1282af9d50951b49c17c8a774a1f5d626fe689d334334f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 1276	1340	rundll32.exe	27
PID 1340 wrote to memory of 1276	1340	rundll32.exe	27
PID 1340 wrote to memory of 1276	1340	rundll32.exe	27
PID 1340 wrote to memory of 1276	1340	rundll32.exe	27
PID 1340 wrote to memory of 1276	1340	rundll32.exe	27
PID 1340 wrote to memory of 1276	1340	rundll32.exe	27
PID 1340 wrote to memory of 1276	1340	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59c998afcc8d078844ad555809c28c316907e19d9b8b2d846b6e5b65b9ec4547.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59c998afcc8d078844ad555809c28c316907e19d9b8b2d846b6e5b65b9ec4547.dll,#1
  2⤵
  PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1276-55-0x00000000758B1000-0x00000000758B3000-memory.dmp

Filesize
8KB

Download