0e7c1fafdd1cd76b89f57b691b8cb50689b111e6bf757415542038c2cb50f366 | Triage

Analysis

max time kernel
33s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 15:56

Sharing

Report Analysis Logs

General

Target

0e7c1fafdd1cd76b89f57b691b8cb50689b111e6bf757415542038c2cb50f366.dll
Size

3KB
MD5

23f792efe42f161bdb6db2a1a9fcab70
SHA1

af8f83a1a93d056386db175987fd518ca5ea006c
SHA256

0e7c1fafdd1cd76b89f57b691b8cb50689b111e6bf757415542038c2cb50f366
SHA512

86892d4fb3a80063335907d0d26d8c2f60ade36724d9616a19d29a36e74dfd83a68031f4335c99985450da43ac0b48b3da001c94374c64b6ebbe48df9acd61dd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e7c1fafdd1cd76b89f57b691b8cb50689b111e6bf757415542038c2cb50f366.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e7c1fafdd1cd76b89f57b691b8cb50689b111e6bf757415542038c2cb50f366.dll,#1
  2⤵
  PID:532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/532-55-0x0000000075041000-0x0000000075043000-memory.dmp

Filesize
8KB

Download