686555200d030d69990f4180d3d158eb67c5ab676b7b8dbfda01176395eba9fe | Triage

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 18:27

Sharing

Report Analysis Logs

General

Target

686555200d030d69990f4180d3d158eb67c5ab676b7b8dbfda01176395eba9fe.dll
Size

3KB
MD5

a7e6ce5931ed97131f5880fcf723fbe0
SHA1

31f0047b7b145e1b4eb596dc6a00692701ed3e75
SHA256

686555200d030d69990f4180d3d158eb67c5ab676b7b8dbfda01176395eba9fe
SHA512

ac75b71ddb53d4c7243b65c975e21ab312d2a7aac28e25b773de63ff9edfee6b21b773f9e6ef4de71d6830b936c328b80656d35e2cfa40eb70207512b8041a45

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\686555200d030d69990f4180d3d158eb67c5ab676b7b8dbfda01176395eba9fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\686555200d030d69990f4180d3d158eb67c5ab676b7b8dbfda01176395eba9fe.dll,#1
  2⤵
  PID:832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/832-55-0x0000000075911000-0x0000000075913000-memory.dmp

Filesize
8KB

Download