33217cbc8d19b04f45d98986654afaf578632b41d53881fce3b089830675d10c | Triage

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:25

Sharing

Report Analysis Logs

General

Target

33217cbc8d19b04f45d98986654afaf578632b41d53881fce3b089830675d10c.dll
Size

3KB
MD5

c69825049449a1c7d73a762004e25c30
SHA1

3e1504c9a293120fa505ab02e97532f7390655be
SHA256

33217cbc8d19b04f45d98986654afaf578632b41d53881fce3b089830675d10c
SHA512

d1f76b19cee84d4b36ae401427c33fe4b590044d81045c5817cb0688701b7972fd373c9bdf0ea10da86a5921f3cb64ff7d3ce47ddbbf1d82e5b099f38d11e329

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27
PID 1688 wrote to memory of 2000	1688	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33217cbc8d19b04f45d98986654afaf578632b41d53881fce3b089830675d10c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33217cbc8d19b04f45d98986654afaf578632b41d53881fce3b089830675d10c.dll,#1
  2⤵
  PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download