22e6baf4d3e4dba5f6f3ab349700d0169eeeb4a989b20b64a6aefba8be9fa64a | Triage

Analysis

max time kernel
3s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 19:27

Sharing

Report Analysis Logs

General

Target

file.dll
Size

164KB
MD5

d017828944f5365b17520051ac994d03
SHA1

7a5b42b5645b9685dc3864a860dd3f4a042ffc50
SHA256

22e6baf4d3e4dba5f6f3ab349700d0169eeeb4a989b20b64a6aefba8be9fa64a
SHA512

58e259497c0cc3bec6527685d33afa9137fcb5640be1c57b390a2ef69b1878d34f72723f5587d984d84a5b5558961a8731285b4cf3c3b733a931bd6a4d8eb4c0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1912 wrote to memory of 1884	1912	rundll32.exe	rundll32.exe
PID 1912 wrote to memory of 1884	1912	rundll32.exe	rundll32.exe
PID 1912 wrote to memory of 1884	1912	rundll32.exe	rundll32.exe
PID 1912 wrote to memory of 1884	1912	rundll32.exe	rundll32.exe
PID 1912 wrote to memory of 1884	1912	rundll32.exe	rundll32.exe
PID 1912 wrote to memory of 1884	1912	rundll32.exe	rundll32.exe
PID 1912 wrote to memory of 1884	1912	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
2⤵
PID:1884

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-0-0x0000000000000000-mapping.dmp

Download