18d347001057c68c4f2ad1d2f5af73e2dfa69aa46466fa43b40d7da360b79c01 | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-en-20211208
submitted
01/02/2022, 10:03

Sharing

Report Analysis Logs

General

Target

18d347001057c68c4f2ad1d2f5af73e2dfa69aa46466fa43b40d7da360b79c01.dll
Size

140KB
MD5

1fe7f68f073ebf9162f1a46a5d45d43c
SHA1

f0e575475f33600aede6a1b9a5c14f671cb93b7b
SHA256

18d347001057c68c4f2ad1d2f5af73e2dfa69aa46466fa43b40d7da360b79c01
SHA512

1c2af46b7538d321d22f9619a575da43391ff9f5aeca09e6db687284e9baea2b56cd75818ec5b6f9b40c9c5bfbe6608e08e0fec4cf8efeec70bfe2cce93a48db

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1360	1732	rundll32.exe	27
PID 1732 wrote to memory of 1360	1732	rundll32.exe	27
PID 1732 wrote to memory of 1360	1732	rundll32.exe	27
PID 1732 wrote to memory of 1360	1732	rundll32.exe	27
PID 1732 wrote to memory of 1360	1732	rundll32.exe	27
PID 1732 wrote to memory of 1360	1732	rundll32.exe	27
PID 1732 wrote to memory of 1360	1732	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18d347001057c68c4f2ad1d2f5af73e2dfa69aa46466fa43b40d7da360b79c01.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18d347001057c68c4f2ad1d2f5af73e2dfa69aa46466fa43b40d7da360b79c01.dll,#1
  2⤵
  PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1360-55-0x0000000074F11000-0x0000000074F13000-memory.dmp

Filesize
8KB

Download