675c05cdf9932032ec7eeb26f91324d7544686c5b42eb36d2441ad7146e88534 | Triage

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:55

Sharing

Report Analysis Logs

General

Target

675c05cdf9932032ec7eeb26f91324d7544686c5b42eb36d2441ad7146e88534.dll
Size

3KB
MD5

32a807a435ab7f9821e799b0dce35050
SHA1

71854463090ab93f46ce075b1902252a43d0b41b
SHA256

675c05cdf9932032ec7eeb26f91324d7544686c5b42eb36d2441ad7146e88534
SHA512

b8e57d1b2adbefb21db9906b23b2e5e9c3648dcc92829f48b4d0a2e8fb1cbbb24a8f71c4ea080cf93cc76bf9c752182089827535ce1fdbbf518f921cb121a4a8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1704	1928	rundll32.exe	26
PID 1928 wrote to memory of 1704	1928	rundll32.exe	26
PID 1928 wrote to memory of 1704	1928	rundll32.exe	26
PID 1928 wrote to memory of 1704	1928	rundll32.exe	26
PID 1928 wrote to memory of 1704	1928	rundll32.exe	26
PID 1928 wrote to memory of 1704	1928	rundll32.exe	26
PID 1928 wrote to memory of 1704	1928	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\675c05cdf9932032ec7eeb26f91324d7544686c5b42eb36d2441ad7146e88534.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\675c05cdf9932032ec7eeb26f91324d7544686c5b42eb36d2441ad7146e88534.dll,#1
  2⤵
  PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1704-55-0x00000000762B1000-0x00000000762B3000-memory.dmp

Filesize
8KB

Download