29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec | Triage

Analysis

max time kernel
4294181s
max time network
139s
platform
windows7_x64
resource
win7-20220311-en
submitted
20-03-2022 07:10

Sharing

Report Analysis Logs

General

Target

29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec.dll
Size

206KB
MD5

e8ae682eebf5c33bf0d325923a0bbe6d
SHA1

ec1e96bd76db278f75f3054fc1776cea89d1e0ce
SHA256

29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec
SHA512

b371db0ccf2f32e91549ef2798b2c8699c2300bac06bb4fe08bab5e637a2f7f06f73fe1fc63f05677d7b3bda4940f53b33140e6b6f455073407acc6566dd9904

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 520 wrote to memory of 556	520	rundll32.exe	rundll32.exe
PID 520 wrote to memory of 556	520	rundll32.exe	rundll32.exe
PID 520 wrote to memory of 556	520	rundll32.exe	rundll32.exe
PID 520 wrote to memory of 556	520	rundll32.exe	rundll32.exe
PID 520 wrote to memory of 556	520	rundll32.exe	rundll32.exe
PID 520 wrote to memory of 556	520	rundll32.exe	rundll32.exe
PID 520 wrote to memory of 556	520	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:520

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec.dll,#1
2⤵
PID:556

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/556-54-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download