996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764 | Triage

Analysis

max time kernel
46s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:20

Sharing

Report Analysis Logs

General

Target

996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll
Size

4KB
MD5

74085d366c5e1891f4930f3cee65b540
SHA1

2bb62790e31d3f1ba9941a04ec165d803d36737c
SHA256

996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764
SHA512

f033ad00777569878b60cc57136048c84b963235da6c1193f0a2bb0da85ea818a0415168a0bfae5b4a761fa1ff1705e3f0a7d5a8bc364651d1e9eccbe92109c0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 1040	308	rundll32.exe	28
PID 308 wrote to memory of 1040	308	rundll32.exe	28
PID 308 wrote to memory of 1040	308	rundll32.exe	28
PID 308 wrote to memory of 1040	308	rundll32.exe	28
PID 308 wrote to memory of 1040	308	rundll32.exe	28
PID 308 wrote to memory of 1040	308	rundll32.exe	28
PID 308 wrote to memory of 1040	308	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll,#1
  2⤵
  PID:1040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1040-55-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download