7b8b752c23d4eeb085b1cd0b1abd6c5ec440965c9f0cb3d0ebed8a26bc32137b | Triage

Analysis

max time kernel
41s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 20:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7b8b752c23d4eeb085b1cd0b1abd6c5ec440965c9f0cb3d0ebed8a26bc32137b.dll
Size

3KB
MD5

300f552f406fd8c00bcb8f969d0f4700
SHA1

df30847fe0606cef0660ad3712247b55662a878d
SHA256

7b8b752c23d4eeb085b1cd0b1abd6c5ec440965c9f0cb3d0ebed8a26bc32137b
SHA512

0e377541dd14b87b988661289a2322e9c9defe9003e68d2bbc49c223bf9debb9796dea4dc6967855364b1aada6035e98f92ba57af96ff13be7f97a5807278f07

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 596 wrote to memory of 1180	596	rundll32.exe	28
PID 596 wrote to memory of 1180	596	rundll32.exe	28
PID 596 wrote to memory of 1180	596	rundll32.exe	28
PID 596 wrote to memory of 1180	596	rundll32.exe	28
PID 596 wrote to memory of 1180	596	rundll32.exe	28
PID 596 wrote to memory of 1180	596	rundll32.exe	28
PID 596 wrote to memory of 1180	596	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b8b752c23d4eeb085b1cd0b1abd6c5ec440965c9f0cb3d0ebed8a26bc32137b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:596
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b8b752c23d4eeb085b1cd0b1abd6c5ec440965c9f0cb3d0ebed8a26bc32137b.dll,#1
  2⤵
  PID:1180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1180-55-0x0000000075701000-0x0000000075703000-memory.dmp

Filesize
8KB

Download