2ce6d524ee9b0be5c7ef58855aefb0dd17f6fce400380c6220afda96186f3569 | Triage

Analysis

max time kernel
3s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:36

Sharing

Report Analysis Logs

General

Target

2ce6d524ee9b0be5c7ef58855aefb0dd17f6fce400380c6220afda96186f3569.dll
Size

4KB
MD5

33bb15a08242ab223ea79f6002cf00b0
SHA1

8a64edf93b00d15bcca3f9b1f47d1e411812e2f6
SHA256

2ce6d524ee9b0be5c7ef58855aefb0dd17f6fce400380c6220afda96186f3569
SHA512

7ddefce5a0bac25b67c5a711f17c19aa71d37862bdc00697cfe7ca40fecf0b5c6bf9549efe141883a93c548f8c3b213731b0ce135211411e9290b5ab94dc91da

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 896	1472	rundll32.exe	28
PID 1472 wrote to memory of 896	1472	rundll32.exe	28
PID 1472 wrote to memory of 896	1472	rundll32.exe	28
PID 1472 wrote to memory of 896	1472	rundll32.exe	28
PID 1472 wrote to memory of 896	1472	rundll32.exe	28
PID 1472 wrote to memory of 896	1472	rundll32.exe	28
PID 1472 wrote to memory of 896	1472	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ce6d524ee9b0be5c7ef58855aefb0dd17f6fce400380c6220afda96186f3569.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ce6d524ee9b0be5c7ef58855aefb0dd17f6fce400380c6220afda96186f3569.dll,#1
  2⤵
  PID:896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/896-55-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download