525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a | Triage

Analysis

max time kernel
142s
max time network
139s
platform
windows7_x64
resource
win7-en-20211208
submitted
03-02-2022 10:58

Sharing

Report Analysis Logs

General

Target

525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a.dll
Size

15.7MB
MD5

0917fa630a2362b243048a1fbb6123a7
SHA1

03cf1586257c0d97e1ea163a300ef1d40b6495ec
SHA256

525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a
SHA512

6db97f3670c5aebc0e5e203d43ef6b6fcedd5a30f57e61af18052c50a8a59132a39fb4faa8adadbc2b458e4d8f49a43e4d20f3af2afba1c8e9add319f3da8f5c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1348 wrote to memory of 884	1348	rundll32.exe	rundll32.exe
PID 1348 wrote to memory of 884	1348	rundll32.exe	rundll32.exe
PID 1348 wrote to memory of 884	1348	rundll32.exe	rundll32.exe
PID 1348 wrote to memory of 884	1348	rundll32.exe	rundll32.exe
PID 1348 wrote to memory of 884	1348	rundll32.exe	rundll32.exe
PID 1348 wrote to memory of 884	1348	rundll32.exe	rundll32.exe
PID 1348 wrote to memory of 884	1348	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a.dll,#1
2⤵
PID:884

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/884-54-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download