663752a3b68e28d1650d117779990b07af81fdc208060a594e3af7f7b2feab0d | Triage

Analysis

max time kernel
39s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:38

Sharing

Report Analysis Logs

General

Target

663752a3b68e28d1650d117779990b07af81fdc208060a594e3af7f7b2feab0d.dll
Size

3KB
MD5

4c9e910ad6b4356fa7df312ac8504090
SHA1

9aebe4143920d6de45a0fa1e50a17d80712db3ae
SHA256

663752a3b68e28d1650d117779990b07af81fdc208060a594e3af7f7b2feab0d
SHA512

510dceb6a0a76432e4306c98d00f18a86d708c9af9f77755b850b4aeb8f0349eebbbe5cd6b06a0e00f97ae0f323fa5e731ac78f805f6a3586eb46083e522bf9d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2012	1108	rundll32.exe	28
PID 1108 wrote to memory of 2012	1108	rundll32.exe	28
PID 1108 wrote to memory of 2012	1108	rundll32.exe	28
PID 1108 wrote to memory of 2012	1108	rundll32.exe	28
PID 1108 wrote to memory of 2012	1108	rundll32.exe	28
PID 1108 wrote to memory of 2012	1108	rundll32.exe	28
PID 1108 wrote to memory of 2012	1108	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\663752a3b68e28d1650d117779990b07af81fdc208060a594e3af7f7b2feab0d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\663752a3b68e28d1650d117779990b07af81fdc208060a594e3af7f7b2feab0d.dll,#1
  2⤵
  PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-55-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download