c0ea372bdd4120ba7e28e57a6a47e627702a5b07f8f04be2f9c48e169b1d3e26 | Triage

Analysis

max time kernel
35s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:16

Sharing

Report Analysis Logs

General

Target

c0ea372bdd4120ba7e28e57a6a47e627702a5b07f8f04be2f9c48e169b1d3e26.dll
Size

4KB
MD5

0a1495ab3945a20315b360628b479cc0
SHA1

3814b38077e6e365aa2b99647f72af44dc43dd32
SHA256

c0ea372bdd4120ba7e28e57a6a47e627702a5b07f8f04be2f9c48e169b1d3e26
SHA512

5921ee23b2cb3bcbb4da84daa7e0ad011341ac040284d65f8f66ce45a61c782136fdf7ce24295c68bd8edfd9ea99e8cd9ea59908ab3a70bbb199b9b84f33b1c5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27
PID 1044 wrote to memory of 1876	1044	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0ea372bdd4120ba7e28e57a6a47e627702a5b07f8f04be2f9c48e169b1d3e26.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0ea372bdd4120ba7e28e57a6a47e627702a5b07f8f04be2f9c48e169b1d3e26.dll,#1
  2⤵
  PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1876-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download