42720900b5e48fa04511e634e47b81994039cbc04165068afafc9b0d45eca7cc | Triage

Analysis

max time kernel
33s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 11:04

Sharing

Report Analysis Logs

General

Target

42720900b5e48fa04511e634e47b81994039cbc04165068afafc9b0d45eca7cc.dll
Size

3KB
MD5

7d5ee0286659eae2d9cd1eabc7534530
SHA1

c97d8a7a5eb0cf7672fc38cbe25e0967fe21a029
SHA256

42720900b5e48fa04511e634e47b81994039cbc04165068afafc9b0d45eca7cc
SHA512

3b43f38ce9b68a790532cfa75d929e0229ea9d98286729b7105c8392f8723aa213026d847158e63ad4fdc1c4f29d9b8aa34ec693dd2cd5bd9f7e7ab8069946b6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27
PID 1844 wrote to memory of 1940	1844	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42720900b5e48fa04511e634e47b81994039cbc04165068afafc9b0d45eca7cc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42720900b5e48fa04511e634e47b81994039cbc04165068afafc9b0d45eca7cc.dll,#1
  2⤵
  PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1940-54-0x0000000000000000-mapping.dmp

Download
memory/1940-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download