311c567a3152f8db8725f3ff2141b83ae7e08019a1a574ff6ecfeed08c25524b | Triage

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 11:42

Sharing

Report Analysis Logs

General

Target

311c567a3152f8db8725f3ff2141b83ae7e08019a1a574ff6ecfeed08c25524b.dll
Size

3KB
MD5

5816e0e7e18ae61d3b397fe68e0b2940
SHA1

7abb8aa9dbfaf4c8dcbe890ce56229c1d9afdaa4
SHA256

311c567a3152f8db8725f3ff2141b83ae7e08019a1a574ff6ecfeed08c25524b
SHA512

e3436a818a5df9fd2b4ecaa64a6f69caa9c6bfbb5a7434f4ec1ae951b3fc2af630fabf87bf58a8e88514cddff2534142999b2faa7842005e906dfa3d95500677

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1656	1620	rundll32.exe	28
PID 1620 wrote to memory of 1656	1620	rundll32.exe	28
PID 1620 wrote to memory of 1656	1620	rundll32.exe	28
PID 1620 wrote to memory of 1656	1620	rundll32.exe	28
PID 1620 wrote to memory of 1656	1620	rundll32.exe	28
PID 1620 wrote to memory of 1656	1620	rundll32.exe	28
PID 1620 wrote to memory of 1656	1620	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\311c567a3152f8db8725f3ff2141b83ae7e08019a1a574ff6ecfeed08c25524b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\311c567a3152f8db8725f3ff2141b83ae7e08019a1a574ff6ecfeed08c25524b.dll,#1
  2⤵
  PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-54-0x0000000000000000-mapping.dmp

Download
memory/1656-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download