eca13d1e0473c37c36a410c7afe6c0364188b93520e236327e07d8fa8b94a9d9 | Triage

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:44

Sharing

Report Analysis Logs

General

Target

eca13d1e0473c37c36a410c7afe6c0364188b93520e236327e07d8fa8b94a9d9.dll
Size

3KB
MD5

135e2af6aa143beeb837033f22ad7120
SHA1

eb0da323ccfaa298561be16c04d471addac1add7
SHA256

eca13d1e0473c37c36a410c7afe6c0364188b93520e236327e07d8fa8b94a9d9
SHA512

9c583326020d16e551dc1b67a309a0aa0bd0fcd14da51e3b1731c219314215bd06544d3f90a1f604e7e1006a7d22cb429041d40fb8afd0520018cf3ae72c8f14

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1476	1096	rundll32.exe	26
PID 1096 wrote to memory of 1476	1096	rundll32.exe	26
PID 1096 wrote to memory of 1476	1096	rundll32.exe	26
PID 1096 wrote to memory of 1476	1096	rundll32.exe	26
PID 1096 wrote to memory of 1476	1096	rundll32.exe	26
PID 1096 wrote to memory of 1476	1096	rundll32.exe	26
PID 1096 wrote to memory of 1476	1096	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eca13d1e0473c37c36a410c7afe6c0364188b93520e236327e07d8fa8b94a9d9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eca13d1e0473c37c36a410c7afe6c0364188b93520e236327e07d8fa8b94a9d9.dll,#1
  2⤵
  PID:1476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1476-55-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download