f76717c2ee4fff6b03fe9e402af2befd8dae0fb7350995e45eb9f12594390bb8 | Triage

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 18:22

Sharing

Report Analysis Logs

General

Target

f76717c2ee4fff6b03fe9e402af2befd8dae0fb7350995e45eb9f12594390bb8.dll
Size

3KB
MD5

17789a743c58fb02841370e0cd7ca1d0
SHA1

5ea03b599e191047d0a769732b0ccd72183cdd36
SHA256

f76717c2ee4fff6b03fe9e402af2befd8dae0fb7350995e45eb9f12594390bb8
SHA512

21a9576c9f3c20d0ded91efca2e000c228703646739262bb81c11edcfe2eca5a9a2bc351505c33410e2ef8d3dab8d25c5ed4781051fdfc8b9c28b8010f2b38a0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1344	1204	rundll32.exe	25
PID 1204 wrote to memory of 1344	1204	rundll32.exe	25
PID 1204 wrote to memory of 1344	1204	rundll32.exe	25
PID 1204 wrote to memory of 1344	1204	rundll32.exe	25
PID 1204 wrote to memory of 1344	1204	rundll32.exe	25
PID 1204 wrote to memory of 1344	1204	rundll32.exe	25
PID 1204 wrote to memory of 1344	1204	rundll32.exe	25

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f76717c2ee4fff6b03fe9e402af2befd8dae0fb7350995e45eb9f12594390bb8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f76717c2ee4fff6b03fe9e402af2befd8dae0fb7350995e45eb9f12594390bb8.dll,#1
  2⤵
  PID:1344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1344-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download