0be905402f868d6ca92a465a5ac91cd4d8ce452afdb13ad266651c796d75021d | Triage

Analysis

max time kernel
4294179s
max time network
129s
platform
windows7_x64
resource
win7-20220311-en
submitted
19-03-2022 09:16

Sharing

Report Analysis Logs

General

Target

0be905402f868d6ca92a465a5ac91cd4d8ce452afdb13ad266651c796d75021d.dll
Size

2.2MB
MD5

b4890fa81a5f21988e310f42e4f16b40
SHA1

14944be1c21e1712ac604e52bd5ce8370c2f5d75
SHA256

0be905402f868d6ca92a465a5ac91cd4d8ce452afdb13ad266651c796d75021d
SHA512

e8c5b199edbce0e1e502423ee1049dae06f6a311e9ac6e8a2069c3f26358c013a1e6d127d7ef950d3d7c58eb2f1ad171c90dc2a6601792dded68c671b6b397c5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1460 wrote to memory of 1084	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1084	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1084	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1084	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1084	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1084	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1084	1460	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0be905402f868d6ca92a465a5ac91cd4d8ce452afdb13ad266651c796d75021d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1460

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0be905402f868d6ca92a465a5ac91cd4d8ce452afdb13ad266651c796d75021d.dll,#1
2⤵
PID:1084

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1084-54-0x0000000075C41000-0x0000000075C43000-memory.dmp

Filesize
8KB

Download