79d2061914e7a17058b7552977c354e1fe6be86181fe936ea7139bd9627ee430 | Triage

Analysis

max time kernel
52s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 20:38

Sharing

Report Analysis Logs

General

Target

79d2061914e7a17058b7552977c354e1fe6be86181fe936ea7139bd9627ee430.dll
Size

3KB
MD5

e99de7700279936542cdbe89874c007c
SHA1

a345db68da36ef93aff3ce2d914f367aee96a6c2
SHA256

79d2061914e7a17058b7552977c354e1fe6be86181fe936ea7139bd9627ee430
SHA512

06ca400ca56ae6c402ab8b1365128121dab6d814417a97fd3b5c692e51c337d8cb590f40ef844092d1033b6c3c01bcd4e0609f9aa6d7300d6bd2b3f10a503f24

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28
PID 1332 wrote to memory of 1108	1332	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79d2061914e7a17058b7552977c354e1fe6be86181fe936ea7139bd9627ee430.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79d2061914e7a17058b7552977c354e1fe6be86181fe936ea7139bd9627ee430.dll,#1
  2⤵
  PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1108-55-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download