657becc2b3d5346490a4837a15a28eb68e0411fb207cb814217f64d8c16c79a4 | Triage

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:55

Sharing

Report Analysis Logs

General

Target

657becc2b3d5346490a4837a15a28eb68e0411fb207cb814217f64d8c16c79a4.dll
Size

3KB
MD5

77198c541eed984932a51a6cac47c670
SHA1

12455fe2686fd1a944f53793f1e572b5f3d79b86
SHA256

657becc2b3d5346490a4837a15a28eb68e0411fb207cb814217f64d8c16c79a4
SHA512

e27f051459a8e969a258e907e56aa52c2d47fb7a573e5830ffdc966247b98e248d4c16ad264b025f54d6344140ac7c809dc3c038cc4265a6816f6bb2f1101063

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28
PID 744 wrote to memory of 1644	744	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\657becc2b3d5346490a4837a15a28eb68e0411fb207cb814217f64d8c16c79a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\657becc2b3d5346490a4837a15a28eb68e0411fb207cb814217f64d8c16c79a4.dll,#1
  2⤵
  PID:1644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1644-55-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download