532e67f58bdc181f0df5428f72356c58a0bcfbd85b721564242983ac6e1e39bc | Triage

Analysis

max time kernel
24s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 10:23

Sharing

Report Analysis Logs

General

Target

532e67f58bdc181f0df5428f72356c58a0bcfbd85b721564242983ac6e1e39bc.dll
Size

241KB
MD5

ffa77881125bf57404030e36da398409
SHA1

656b53696aa723ff9ff0df3181123b9acddeebf5
SHA256

532e67f58bdc181f0df5428f72356c58a0bcfbd85b721564242983ac6e1e39bc
SHA512

cfe44bde650e8379bbf005d42eeb1db24b25b513403ce3463abc1624bfb34256828fcdd7a87e936215d94c3ac4083d24c3f0e5d547f245ecb6fcd32abb074a84

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win.ini	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 2288	544	rundll32.exe	82
PID 544 wrote to memory of 2288	544	rundll32.exe	82
PID 544 wrote to memory of 2288	544	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\532e67f58bdc181f0df5428f72356c58a0bcfbd85b721564242983ac6e1e39bc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\532e67f58bdc181f0df5428f72356c58a0bcfbd85b721564242983ac6e1e39bc.dll,#1
  2⤵
  - Drops file in Windows directory
  PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2288-130-0x0000000075610000-0x000000007564F000-memory.dmp

Filesize
252KB

Download