b2ce45bae5c78e4fdc8444cc569e345aa6f70095439b81aef0f0e5e09c7bee96 | Triage

Analysis

max time kernel
43s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:40

Sharing

Report Analysis Logs

General

Target

b2ce45bae5c78e4fdc8444cc569e345aa6f70095439b81aef0f0e5e09c7bee96.dll
Size

3KB
MD5

c412c7ebfb23fb91b0c02ce03de8c580
SHA1

61f0c2d4a4b444c9ba874d79d4d1ac93835c63f5
SHA256

b2ce45bae5c78e4fdc8444cc569e345aa6f70095439b81aef0f0e5e09c7bee96
SHA512

3dd9aeb527c6630a3690574d0f23606346ff5247d49ce847beae089701043ab8ccded1ad28e63b21223187ed9b59d2c1da9d430831ff46d585bcc275205e0ef9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 944	1700	rundll32.exe	27
PID 1700 wrote to memory of 944	1700	rundll32.exe	27
PID 1700 wrote to memory of 944	1700	rundll32.exe	27
PID 1700 wrote to memory of 944	1700	rundll32.exe	27
PID 1700 wrote to memory of 944	1700	rundll32.exe	27
PID 1700 wrote to memory of 944	1700	rundll32.exe	27
PID 1700 wrote to memory of 944	1700	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2ce45bae5c78e4fdc8444cc569e345aa6f70095439b81aef0f0e5e09c7bee96.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2ce45bae5c78e4fdc8444cc569e345aa6f70095439b81aef0f0e5e09c7bee96.dll,#1
  2⤵
  PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/944-55-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download