ebe7a2c72e2e89732d435a7d491c9cd85f125b1584bb807f921b03dff9d16b94 | Triage

Analysis

max time kernel
3s
max time network
6s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
31-01-2022 15:54

Sharing

Report Analysis Logs

General

Target

if.dll
Size

1.5MB
MD5

deef80792ae5c52d3553453d124c0457
SHA1

b809c0a54e70d8d2377fc37a17d952ec98698670
SHA256

ebe7a2c72e2e89732d435a7d491c9cd85f125b1584bb807f921b03dff9d16b94
SHA512

61ecdee50c84792b88f8f1f65679d6141ee4b314d13bfb037c4a6af373d85ab8af6b389c813e5f158529f54321841d9540fdece77da283e876ff43202325bdfa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3156 wrote to memory of 3932	3156	rundll32.exe	rundll32.exe
PID 3156 wrote to memory of 3932	3156	rundll32.exe	rundll32.exe
PID 3156 wrote to memory of 3932	3156	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\if.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3156

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\if.dll,#1
2⤵
PID:3932

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3932-130-0x0000000002290000-0x0000000002414000-memory.dmp

Filesize
1.5MB

Download