06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100 | Triage

Analysis

max time kernel
117s
max time network
134s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 11:00

Sharing

Report Analysis Logs

General

Target

06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100.dll
Size

55KB
MD5

70adbf361b9d7148e2e2f58b84322028
SHA1

ee8485039eec5095d933ff38b804e486a06f7f2c
SHA256

06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100
SHA512

2a606ad3483752d7376a122808bf8ef561f4cf935ee753de2a1697e81eadc4aaf1850547cb77110bdf906945f00929816ac03299680dd0fe673ef5ad4ab6991e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1572 wrote to memory of 1620	1572	rundll32.exe	rundll32.exe
PID 1572 wrote to memory of 1620	1572	rundll32.exe	rundll32.exe
PID 1572 wrote to memory of 1620	1572	rundll32.exe	rundll32.exe
PID 1572 wrote to memory of 1620	1572	rundll32.exe	rundll32.exe
PID 1572 wrote to memory of 1620	1572	rundll32.exe	rundll32.exe
PID 1572 wrote to memory of 1620	1572	rundll32.exe	rundll32.exe
PID 1572 wrote to memory of 1620	1572	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1572

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100.dll,#1
2⤵
PID:1620

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1620-54-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download