785c0e10ed70f27b143342602e5425857848978b09cbfc59552227dc9d78f60e | Triage

Analysis

max time kernel
48s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 01:22

Sharing

Report Analysis Logs

General

Target

785c0e10ed70f27b143342602e5425857848978b09cbfc59552227dc9d78f60e.dll
Size

4KB
MD5

9e7f96f6cfd509b50b7d33477fb23cd0
SHA1

81d1e293c76399c9b167f0e53da4f89f143f8b93
SHA256

785c0e10ed70f27b143342602e5425857848978b09cbfc59552227dc9d78f60e
SHA512

595bcdf49805e38288e4b0a915fb80d34795e8a9584a33454d4e0bf2e60764a3e3cce9e97a0321c9d2f06e6b150b64788f6df5a90444c928c9b033ff03538cd4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 892	1168	rundll32.exe	28
PID 1168 wrote to memory of 892	1168	rundll32.exe	28
PID 1168 wrote to memory of 892	1168	rundll32.exe	28
PID 1168 wrote to memory of 892	1168	rundll32.exe	28
PID 1168 wrote to memory of 892	1168	rundll32.exe	28
PID 1168 wrote to memory of 892	1168	rundll32.exe	28
PID 1168 wrote to memory of 892	1168	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\785c0e10ed70f27b143342602e5425857848978b09cbfc59552227dc9d78f60e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\785c0e10ed70f27b143342602e5425857848978b09cbfc59552227dc9d78f60e.dll,#1
  2⤵
  PID:892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/892-54-0x0000000000000000-mapping.dmp

Download
memory/892-55-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download