c88f8d086be8dd345babad15c76490ef889af7eaecb015f3107ff039f0ed5f2d | Triage

Analysis

max time kernel
145s
max time network
130s
platform
windows7_x64
resource
win7-en-20210920
submitted
22-09-2021 11:39

Sharing

Report Analysis Logs

General

Target

7574.dll
Size

68KB
MD5

5f5aed43a3ee55f2727f1c1470a6db32
SHA1

7574a3cb7c27bd548e93309b0401e7ce48d22d76
SHA256

c88f8d086be8dd345babad15c76490ef889af7eaecb015f3107ff039f0ed5f2d
SHA512

a3912fb654538c73c57c9a60b8a67e60b2446f1c5824d068613722a576bdcd26ef8ea121ffb4831b140049cecafd49e6879426dab7312c9e7a7283e9ebd4ae7f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1128 wrote to memory of 1144	1128	rundll32.exe	rundll32.exe
PID 1128 wrote to memory of 1144	1128	rundll32.exe	rundll32.exe
PID 1128 wrote to memory of 1144	1128	rundll32.exe	rundll32.exe
PID 1128 wrote to memory of 1144	1128	rundll32.exe	rundll32.exe
PID 1128 wrote to memory of 1144	1128	rundll32.exe	rundll32.exe
PID 1128 wrote to memory of 1144	1128	rundll32.exe	rundll32.exe
PID 1128 wrote to memory of 1144	1128	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7574.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1128

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7574.dll,#1
2⤵
PID:1144

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1144-53-0x0000000000000000-mapping.dmp

Download
memory/1144-54-0x0000000074B41000-0x0000000074B43000-memory.dmp

Filesize
8KB

Download