7977254e16954c30b9d5b9df44d7f64a5c31b02b7f0b5914bcf38cf58629788f | Triage

Analysis

max time kernel
4294063s
max time network
114s
platform
windows7_x64
resource
win7-20220311-en
submitted
20-03-2022 03:33

Sharing

Report Analysis Logs

General

Target

7977254e16954c30b9d5b9df44d7f64a5c31b02b7f0b5914bcf38cf58629788f.dll
Size

2.5MB
MD5

d2fd1958fbd742713a8d6d6f0380737c
SHA1

96cef29e960e1ec4daa42cc3d46925c355cf0491
SHA256

7977254e16954c30b9d5b9df44d7f64a5c31b02b7f0b5914bcf38cf58629788f
SHA512

ba5e29eeaf4b7b3960c52c9a3b62de68cf336f033883da3b440e460ff9d222272bda4c425717665efedf60f6083b359763dc9190b16a81ee3f65c52478b23eb2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1328 wrote to memory of 1492	1328	rundll32.exe	rundll32.exe
PID 1328 wrote to memory of 1492	1328	rundll32.exe	rundll32.exe
PID 1328 wrote to memory of 1492	1328	rundll32.exe	rundll32.exe
PID 1328 wrote to memory of 1492	1328	rundll32.exe	rundll32.exe
PID 1328 wrote to memory of 1492	1328	rundll32.exe	rundll32.exe
PID 1328 wrote to memory of 1492	1328	rundll32.exe	rundll32.exe
PID 1328 wrote to memory of 1492	1328	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7977254e16954c30b9d5b9df44d7f64a5c31b02b7f0b5914bcf38cf58629788f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1328

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7977254e16954c30b9d5b9df44d7f64a5c31b02b7f0b5914bcf38cf58629788f.dll,#1
2⤵
PID:1492

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1492-54-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download