671e144deb5cfb9701d1c062cbead0ad88dc3281e7753beb03bfa7253f744b05 | Triage

Analysis

max time kernel
33s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

671e144deb5cfb9701d1c062cbead0ad88dc3281e7753beb03bfa7253f744b05.dll
Size

3KB
MD5

25cedbb90e042ea657468e4537df7f60
SHA1

8fedbafc45fa6c84cb2f1e959c202f11e802107b
SHA256

671e144deb5cfb9701d1c062cbead0ad88dc3281e7753beb03bfa7253f744b05
SHA512

9fefc692b46f5d164328e741ed0f9ace13343411ff695bc58e5d601f9081e19b7574189e4e7d8ee4d77e804f2ed6b55dad67a9cbfab1f1cae2ded70e27341fa7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27
PID 1108 wrote to memory of 1712	1108	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\671e144deb5cfb9701d1c062cbead0ad88dc3281e7753beb03bfa7253f744b05.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\671e144deb5cfb9701d1c062cbead0ad88dc3281e7753beb03bfa7253f744b05.dll,#1
  2⤵
  PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1712-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download