f74199f59533fbbe57f0b2aae45c837b3ed5e4f5184e74c02e06c12c6535f0f9 | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 02:34

Sharing

Report Analysis Logs

General

Target

3UDBUTNY7YstRc.dll
Size

32KB
MD5

83d04f21515c7e6316f9cd0bb393a118
SHA1

e00b982a14835dae781bbbe06055d7d18acc6eb0
SHA256

a49133ed68bebb66412d3eb5d2b84ee71c393627906f574a29247d8699f1f38e
SHA512

ae8f75199bb7776b96d5069d0aa5e5e144948ed7d3072c2b7b4e0b99f9eea7dcab1890782b83eeee2c4b17b9a03a7094e4b1df7f659ec52c01dabb95daee21c6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1576 wrote to memory of 1792	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 1792	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 1792	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 1792	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 1792	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 1792	1576	rundll32.exe	rundll32.exe
PID 1576 wrote to memory of 1792	1576	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3UDBUTNY7YstRc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1576

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3UDBUTNY7YstRc.dll,#1
2⤵
PID:1792

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1792-54-0x00000000754B1000-0x00000000754B3000-memory.dmp

Filesize
8KB

Download