5c77ed478bd02c8b974df51604285f3e2a93741785f17ed13965532fa82dac3f | Triage

Analysis

max time kernel
2s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 01:28

Sharing

Report Analysis Logs

General

Target

5c77ed478bd02c8b974df51604285f3e2a93741785f17ed13965532fa82dac3f.dll
Size

3KB
MD5

4ae5c4a05dfd3b3968b0c63c4fb27a80
SHA1

73d19b9de77c3042a5180148036266e1c1b249a5
SHA256

5c77ed478bd02c8b974df51604285f3e2a93741785f17ed13965532fa82dac3f
SHA512

88c20336bd4c8eeae7a8b0f1a4eb50c2537bf898d1985fc3c950a3213d2bf42236c2dd7eef15e49c293c1b93ff3894f69560e6c66fbd31847ff3db0f7d7eed57

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2040	1788	rundll32.exe	28
PID 1788 wrote to memory of 2040	1788	rundll32.exe	28
PID 1788 wrote to memory of 2040	1788	rundll32.exe	28
PID 1788 wrote to memory of 2040	1788	rundll32.exe	28
PID 1788 wrote to memory of 2040	1788	rundll32.exe	28
PID 1788 wrote to memory of 2040	1788	rundll32.exe	28
PID 1788 wrote to memory of 2040	1788	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c77ed478bd02c8b974df51604285f3e2a93741785f17ed13965532fa82dac3f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c77ed478bd02c8b974df51604285f3e2a93741785f17ed13965532fa82dac3f.dll,#1
  2⤵
  PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-54-0x0000000000000000-mapping.dmp

Download
memory/2040-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download