30f8137f89cd2a6ed4290c53d64fa955071a7c2f07d36c0df1b1472b53b406f8 | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-en-20211208
submitted
11-02-2022 04:19

Sharing

Report Analysis Logs

General

Target

30f8137f89cd2a6ed4290c53d64fa955071a7c2f07d36c0df1b1472b53b406f8.dll
Size

1.2MB
MD5

e1349991d92ffeb9b5e39ee3aaaaf2d9
SHA1

39a27e4bd2309801bdd7a382754d6d5af0610314
SHA256

30f8137f89cd2a6ed4290c53d64fa955071a7c2f07d36c0df1b1472b53b406f8
SHA512

862ff1747ba3c70050a9dc175b1114bc42e7f5814175db32ce6886c3819dad9a179516832189766880b52a988c3e260a50db666f59382c80f4dde5c2b881887d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1908 wrote to memory of 1716	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1716	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1716	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1716	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1716	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1716	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1716	1908	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\30f8137f89cd2a6ed4290c53d64fa955071a7c2f07d36c0df1b1472b53b406f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\30f8137f89cd2a6ed4290c53d64fa955071a7c2f07d36c0df1b1472b53b406f8.dll,#1
2⤵
PID:1716

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1716-55-0x0000000076731000-0x0000000076733000-memory.dmp

Filesize
8KB

Download