95b97a2b99386759975b8d81d0235d0a44826125d457968fbe014b1b5ff0a409 | Triage

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-en-20211208
submitted
28-01-2022 19:33

Sharing

Report Analysis Logs

General

Target

12.dll
Size

33.1MB
MD5

68c47f4d25dd3420b9fa3cc602533995
SHA1

0c9ff573a5abc51e401fa5f5fdae69ca4f92a725
SHA256

a2ec8513034ee7275d49239cd27086f2ea08ec17922a9fd19cfb26f0a5288d44
SHA512

0b4a0de0823739048a3a7a271e3a160484d2b59e895b408e7de702dcbe9a196125e521c9da72ebb6e1bb431d8fbd7c877545bd651e90ff9d039a71698f395dfe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1324	1308	rundll32.exe	27
PID 1308 wrote to memory of 1324	1308	rundll32.exe	27
PID 1308 wrote to memory of 1324	1308	rundll32.exe	27
PID 1308 wrote to memory of 1324	1308	rundll32.exe	27
PID 1308 wrote to memory of 1324	1308	rundll32.exe	27
PID 1308 wrote to memory of 1324	1308	rundll32.exe	27
PID 1308 wrote to memory of 1324	1308	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
  2⤵
  PID:1324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1324-54-0x0000000076451000-0x0000000076453000-memory.dmp

Filesize
8KB

Download
memory/1324-55-0x0000000001F70000-0x000000000409E000-memory.dmp

Filesize
33.2MB

Download