b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-en-20211208
submitted
14-12-2021 08:04

Sharing

Report Analysis Logs

General

Target

tmp/b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll
Size

42KB
MD5

82ccb90da20b65bcdad25bdd5a7d6f05
SHA1

ecea5d6a57c1e23010b45d4d04dcc1ffda19e5fe
SHA256

b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a
SHA512

d85d570d5269cfc945b764d3530680c5910b152247893f5b8a1d108a16b52704547e754d5cda59392aeb28d417ad8e0534c75cee06d3bc636190ebece4cc4a61

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1528 wrote to memory of 1584	1528	rundll32.exe	rundll32.exe
PID 1528 wrote to memory of 1584	1528	rundll32.exe	rundll32.exe
PID 1528 wrote to memory of 1584	1528	rundll32.exe	rundll32.exe
PID 1528 wrote to memory of 1584	1528	rundll32.exe	rundll32.exe
PID 1528 wrote to memory of 1584	1528	rundll32.exe	rundll32.exe
PID 1528 wrote to memory of 1584	1528	rundll32.exe	rundll32.exe
PID 1528 wrote to memory of 1584	1528	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp\b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1528

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp\b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll,#1
2⤵
PID:1584

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1584-54-0x0000000000000000-mapping.dmp

Download
memory/1584-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download