726e93a8aa83f8ee6c00ce7c656b33c735f4fff0e120e6f8e90987c5f8d5d1d0 | Triage

Analysis

max time kernel
38s
max time network
46s
platform
windows7_x64
resource
win7-20220331-en
submitted
05-04-2022 22:31

Sharing

Report Analysis Logs

General

Target

726e93a8aa83f8ee6c00ce7c656b33c735f4fff0e120e6f8e90987c5f8d5d1d0.dll
Size

13KB
MD5

5d951b5f89c57f0c0d86faef17768594
SHA1

1f6888ce0c45299d7657c12eac0dda4e7d8456b9
SHA256

726e93a8aa83f8ee6c00ce7c656b33c735f4fff0e120e6f8e90987c5f8d5d1d0
SHA512

da3c5b6dae39970a7f66f41b376424f77484c7e4df3d756c1795c97122ae05a3715ac8160a2bde9b3191bf296e9d5bad1767ca6ed9f01842d0b2cf1c6037188d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1660 wrote to memory of 1692	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 1692	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 1692	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 1692	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 1692	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 1692	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 1692	1660	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\726e93a8aa83f8ee6c00ce7c656b33c735f4fff0e120e6f8e90987c5f8d5d1d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\726e93a8aa83f8ee6c00ce7c656b33c735f4fff0e120e6f8e90987c5f8d5d1d0.dll,#1
2⤵
PID:1692

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1692-54-0x0000000000000000-mapping.dmp

Download
memory/1692-55-0x0000000076501000-0x0000000076503000-memory.dmp

Filesize
8KB

Download