91a8d66f5c1f651e0f60c456fa8dd06347f69be8ba5542f9c6781e6714962fa9 | Triage

Analysis

max time kernel
6s
max time network
39s
platform
windows7_x64
resource
win7v20210408
submitted
30-07-2021 09:06

Sharing

Report Analysis Logs

General

Target

GGLanguage_Pub.dll
Size

178KB
MD5

c15964d74d3f6d3376a751c7095110fa
SHA1

63b0e8bd2d50ae1a3b9d416dcc3adabb9cc9777e
SHA256

c1592a3d46e87dc684cf1a2de547ee2ec68023e7df219c85d2cb1ab71c6267fd
SHA512

b728516df4113e24635ccc42dec51cf003ba668836370e9f3ecc39b3655b70c339b6edd0aeaab7b4035c549a2f698ef80c5f13b9f2ebc643f0d3105557277ca8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1892 wrote to memory of 1048	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1048	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1048	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1048	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1048	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1048	1892	rundll32.exe	rundll32.exe
PID 1892 wrote to memory of 1048	1892	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GGLanguage_Pub.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1892

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GGLanguage_Pub.dll,#1
2⤵
PID:1048

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-60-0x0000000000000000-mapping.dmp

Download
memory/1048-61-0x0000000075D51000-0x0000000075D53000-memory.dmp

Filesize
8KB

Download