7d8eeb2512760e93258fb05e5d7fe12017c5196e21054ad6486b526b8d520838 | Triage

Analysis

max time kernel
41s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 11:54

Sharing

Report Analysis Logs

General

Target

7d8eeb2512760e93258fb05e5d7fe12017c5196e21054ad6486b526b8d520838.dll
Size

3KB
MD5

434f4c12a63e13b1db7587d98f355540
SHA1

03d122370a7f3e306f3c77769a584acb73973afc
SHA256

7d8eeb2512760e93258fb05e5d7fe12017c5196e21054ad6486b526b8d520838
SHA512

4b0fbd584592f60079bb8df7d8b4e43170b2b4b53dd8c01bfbf2d3bc3907c5b75e787e7a801d5ec32392a24148646ddda904b32ae7a1bca2806e38f036360324

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 672	856	rundll32.exe	27
PID 856 wrote to memory of 672	856	rundll32.exe	27
PID 856 wrote to memory of 672	856	rundll32.exe	27
PID 856 wrote to memory of 672	856	rundll32.exe	27
PID 856 wrote to memory of 672	856	rundll32.exe	27
PID 856 wrote to memory of 672	856	rundll32.exe	27
PID 856 wrote to memory of 672	856	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d8eeb2512760e93258fb05e5d7fe12017c5196e21054ad6486b526b8d520838.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d8eeb2512760e93258fb05e5d7fe12017c5196e21054ad6486b526b8d520838.dll,#1
  2⤵
  PID:672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/672-54-0x0000000000000000-mapping.dmp

Download
memory/672-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download