7c294284e335b093fedec96c754d4b2630bffa9cabe4596cbc0d8d3ff3727660 | Triage

Analysis

max time kernel
1628s
max time network
1631s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31-01-2023 05:31

Sharing

Report Analysis Logs

General

Target

clrjit_dump.dll
Size

548KB
MD5

bb3c1b827cba1a09c708610c564be8ec
SHA1

ce850503d10d2710dbe25850a804e713b7373cae
SHA256

7c294284e335b093fedec96c754d4b2630bffa9cabe4596cbc0d8d3ff3727660
SHA512

393fb7a9dd03725670fe1285de765f9aaca19c10459ecc6aca75baa0c79b5c44d2a5dab8edbb07ba0ee1352fae438e7c9fb3522d6783601709c2b9cc38a8a50c
SSDEEP

12288:rlk72WGvN7z5DxbOhRF+61+QfcfhwTHCWcX/WtpF:raGvN7z5DxbURFH1vfcfhXVXUF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1752 wrote to memory of 1812	1752	rundll32.exe	rundll32.exe
PID 1752 wrote to memory of 1812	1752	rundll32.exe	rundll32.exe
PID 1752 wrote to memory of 1812	1752	rundll32.exe	rundll32.exe
PID 1752 wrote to memory of 1812	1752	rundll32.exe	rundll32.exe
PID 1752 wrote to memory of 1812	1752	rundll32.exe	rundll32.exe
PID 1752 wrote to memory of 1812	1752	rundll32.exe	rundll32.exe
PID 1752 wrote to memory of 1812	1752	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\clrjit_dump.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\clrjit_dump.dll,#1
2⤵
PID:1812

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1812-54-0x0000000000000000-mapping.dmp

Download
memory/1812-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download