17cfabc7a9422e5d9a0f6298518d5f767082146c91ff0f57e0e740f78d361f8d | Triage

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:31

Sharing

Report Analysis Logs

General

Target

17cfabc7a9422e5d9a0f6298518d5f767082146c91ff0f57e0e740f78d361f8d.dll
Size

4KB
MD5

52bf7bf87be3731f9b7bdf45f8ecc710
SHA1

df9850080209261ab565682cc8baa5f79ded23a0
SHA256

17cfabc7a9422e5d9a0f6298518d5f767082146c91ff0f57e0e740f78d361f8d
SHA512

8988def2c741d8e236a1659b8f72ddf95968aa0fce9b90869975e522acb9d26c3fb83e8357b2fd878bc5e646602e886ff44395df055344655f2ff9d96c6d0c8a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 1988	544	rundll32.exe	26
PID 544 wrote to memory of 1988	544	rundll32.exe	26
PID 544 wrote to memory of 1988	544	rundll32.exe	26
PID 544 wrote to memory of 1988	544	rundll32.exe	26
PID 544 wrote to memory of 1988	544	rundll32.exe	26
PID 544 wrote to memory of 1988	544	rundll32.exe	26
PID 544 wrote to memory of 1988	544	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17cfabc7a9422e5d9a0f6298518d5f767082146c91ff0f57e0e740f78d361f8d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17cfabc7a9422e5d9a0f6298518d5f767082146c91ff0f57e0e740f78d361f8d.dll,#1
  2⤵
  PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1988-55-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download