8680837cefa0baf00e77919cc01f39d421649012c5f5370fdf04be4ebc006274 | Triage

Analysis

max time kernel
4294179s
max time network
121s
platform
windows7_x64
resource
win7-20220311-en
submitted
31-03-2022 14:48

Sharing

Report Analysis Logs

General

Target

1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dll
Size

6.4MB
MD5

c842f250d6855a0182937ccc80a01f52
SHA1

9dd46c4f12344d620d4564675846e44cdaaea668
SHA256

8680837cefa0baf00e77919cc01f39d421649012c5f5370fdf04be4ebc006274
SHA512

5e8b7ce9c57e1960f56f5ac65dd8249596400c694999aede9df08d368010b83412dccc0c035a02cb62526e461fcf6969d4f5eeb57e3cb44b99acdf41cc5060cf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1092	1104	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dll,#1
2⤵
PID:1092

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1092-54-0x0000000000000000-mapping.dmp

Download
memory/1092-55-0x0000000074F31000-0x0000000074F33000-memory.dmp

Filesize
8KB

Download