ecff5968d0d61c661b02207f8c28e7bcb227de6c82c4de21941f3c00b5a7e582 | Triage

Analysis

max time kernel
25s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 13:35

Sharing

Report Analysis Logs

General

Target

ecff5968d0d61c661b02207f8c28e7bcb227de6c82c4de21941f3c00b5a7e582.dll
Size

4KB
MD5

79b5af457bf0a461fc93b6414d34f717
SHA1

d187472efa3c943cedda4aefa7b0c01d1091a948
SHA256

ecff5968d0d61c661b02207f8c28e7bcb227de6c82c4de21941f3c00b5a7e582
SHA512

a2a34eb8c7fc12aad6ee408a87ebe88c11f32d987dabc270768c689534e12f8fe6783f1078b6a13ea071ff53cbf2d30b305a7252a64a4c16b4528becd6ee56ad

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1984	2044	rundll32.exe	28
PID 2044 wrote to memory of 1984	2044	rundll32.exe	28
PID 2044 wrote to memory of 1984	2044	rundll32.exe	28
PID 2044 wrote to memory of 1984	2044	rundll32.exe	28
PID 2044 wrote to memory of 1984	2044	rundll32.exe	28
PID 2044 wrote to memory of 1984	2044	rundll32.exe	28
PID 2044 wrote to memory of 1984	2044	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecff5968d0d61c661b02207f8c28e7bcb227de6c82c4de21941f3c00b5a7e582.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecff5968d0d61c661b02207f8c28e7bcb227de6c82c4de21941f3c00b5a7e582.dll,#1
  2⤵
  PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1984-55-0x0000000075631000-0x0000000075633000-memory.dmp

Filesize
8KB

Download