693e57557e135961d812e310d37ccecdaee10ea6db353e87b3b013401b7bb961 | Triage

Analysis

max time kernel
252s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 10:33

Sharing

Report Analysis Logs

General

Target

693e57557e135961d812e310d37ccecdaee10ea6db353e87b3b013401b7bb961.dll
Size

3KB
MD5

c1cdfc2c759eb86f2fb96b7af17c8ee0
SHA1

30508f71a64cae754bf8bf2550a37ae02ec62759
SHA256

693e57557e135961d812e310d37ccecdaee10ea6db353e87b3b013401b7bb961
SHA512

b26383233424cc59a7c59f770aa5cb29474cacfb1210d1c6378055e1c236b350b19af3e7b8d0d0b9b9d9aa15502d6a0ba0e008eaaecb80b542315c30acbdcd3b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 556	544	rundll32.exe	28
PID 544 wrote to memory of 556	544	rundll32.exe	28
PID 544 wrote to memory of 556	544	rundll32.exe	28
PID 544 wrote to memory of 556	544	rundll32.exe	28
PID 544 wrote to memory of 556	544	rundll32.exe	28
PID 544 wrote to memory of 556	544	rundll32.exe	28
PID 544 wrote to memory of 556	544	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\693e57557e135961d812e310d37ccecdaee10ea6db353e87b3b013401b7bb961.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\693e57557e135961d812e310d37ccecdaee10ea6db353e87b3b013401b7bb961.dll,#1
  2⤵
  PID:556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/556-55-0x0000000075441000-0x0000000075443000-memory.dmp

Filesize
8KB

Download