cc8c2069e371341f006f2628c639589b156568e1425e77160d67d28cc0030365 | Triage

Analysis

max time kernel
41s
max time network
111s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 18:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cc8c2069e371341f006f2628c639589b156568e1425e77160d67d28cc0030365.dll
Size

3KB
MD5

4a4f13a0d1d607cb0b3e20ee01b65a50
SHA1

18a2609e13fda4c21b9d5ec32568717ddf83be43
SHA256

cc8c2069e371341f006f2628c639589b156568e1425e77160d67d28cc0030365
SHA512

868af384f5a20e2baf92afb5b34248dc88c97d28c27fb0e0b6f18cde11538ada973b4de455f3b78772b1d1d8cb0d5c58bee3e6e45e9ba2b3582577978d74f96e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1408	1600	rundll32.exe	28
PID 1600 wrote to memory of 1408	1600	rundll32.exe	28
PID 1600 wrote to memory of 1408	1600	rundll32.exe	28
PID 1600 wrote to memory of 1408	1600	rundll32.exe	28
PID 1600 wrote to memory of 1408	1600	rundll32.exe	28
PID 1600 wrote to memory of 1408	1600	rundll32.exe	28
PID 1600 wrote to memory of 1408	1600	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc8c2069e371341f006f2628c639589b156568e1425e77160d67d28cc0030365.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc8c2069e371341f006f2628c639589b156568e1425e77160d67d28cc0030365.dll,#1
  2⤵
  PID:1408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1408-55-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download