7a2ced3495ae0372c6ee219d2f8f38c8c7fdb40308015bea6e7fa214ace42fe6 | Triage

Analysis

max time kernel
22s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 13:27

Sharing

Report Analysis Logs

General

Target

7a2ced3495ae0372c6ee219d2f8f38c8c7fdb40308015bea6e7fa214ace42fe6.dll
Size

4KB
MD5

5e9d482cc2ed2ad734f3b1b7b6d482a0
SHA1

e2a225e6fd553d087ab16ca623bde7ca587efee9
SHA256

7a2ced3495ae0372c6ee219d2f8f38c8c7fdb40308015bea6e7fa214ace42fe6
SHA512

f4644567ce6f9e051a6e74a7e3e3cb8123fc8470a17177c9281ee036546f882a361a17590b01b75282332b8130eef4dc5f9021ea0477dced806973af871c12e1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 916	808	rundll32.exe	27
PID 808 wrote to memory of 916	808	rundll32.exe	27
PID 808 wrote to memory of 916	808	rundll32.exe	27
PID 808 wrote to memory of 916	808	rundll32.exe	27
PID 808 wrote to memory of 916	808	rundll32.exe	27
PID 808 wrote to memory of 916	808	rundll32.exe	27
PID 808 wrote to memory of 916	808	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a2ced3495ae0372c6ee219d2f8f38c8c7fdb40308015bea6e7fa214ace42fe6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a2ced3495ae0372c6ee219d2f8f38c8c7fdb40308015bea6e7fa214ace42fe6.dll,#1
  2⤵
  PID:916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/916-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download