757831a57ccd3e48aa195958f0ea417adf26393f3bfa46c83aad9bbbdbff0bac | Triage

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:54

Sharing

Report Analysis Logs

General

Target

757831a57ccd3e48aa195958f0ea417adf26393f3bfa46c83aad9bbbdbff0bac.dll
Size

3KB
MD5

be91850912ca7cff851e4b718118d900
SHA1

c0335009ffdacfb85b6f024deee762a5487d7e7f
SHA256

757831a57ccd3e48aa195958f0ea417adf26393f3bfa46c83aad9bbbdbff0bac
SHA512

89217d2b03e2210b6319be064b3a29bea6ec3df3461b16e917754c32f5e73cfcfeb5e530af7274d4df3fa79ec1e4db04c4fcbc5f2c98d62d7b379446ffaddfc5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 1932	1896	rundll32.exe	28
PID 1896 wrote to memory of 1932	1896	rundll32.exe	28
PID 1896 wrote to memory of 1932	1896	rundll32.exe	28
PID 1896 wrote to memory of 1932	1896	rundll32.exe	28
PID 1896 wrote to memory of 1932	1896	rundll32.exe	28
PID 1896 wrote to memory of 1932	1896	rundll32.exe	28
PID 1896 wrote to memory of 1932	1896	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\757831a57ccd3e48aa195958f0ea417adf26393f3bfa46c83aad9bbbdbff0bac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\757831a57ccd3e48aa195958f0ea417adf26393f3bfa46c83aad9bbbdbff0bac.dll,#1
  2⤵
  PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-55-0x0000000076181000-0x0000000076183000-memory.dmp

Filesize
8KB

Download