eef66ce59e1b0d36db229aaa6c41f820b6f4a4f3d513b45e9295fc4a6d9eec07 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220331-en
submitted
13-04-2022 19:59

Sharing

Report Analysis Logs

General

Target

3360-148-0x0000000009CF0000-0x000000000A21C000-memory.dll
Size

5.2MB
MD5

d32ede505316ce23f522a4e49b4d867b
SHA1

8a7269b7ab0463bbd615870a54b3fb882f4fa37e
SHA256

eef66ce59e1b0d36db229aaa6c41f820b6f4a4f3d513b45e9295fc4a6d9eec07
SHA512

b8ba5397638a427937d5d343175ed6a835103a4c44e04216219397f858c40f542142427121620016423b93bcc301a620a5f060620846e536325e620e74f11cb2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 336	1456	rundll32.exe	28
PID 1456 wrote to memory of 336	1456	rundll32.exe	28
PID 1456 wrote to memory of 336	1456	rundll32.exe	28
PID 1456 wrote to memory of 336	1456	rundll32.exe	28
PID 1456 wrote to memory of 336	1456	rundll32.exe	28
PID 1456 wrote to memory of 336	1456	rundll32.exe	28
PID 1456 wrote to memory of 336	1456	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3360-148-0x0000000009CF0000-0x000000000A21C000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3360-148-0x0000000009CF0000-0x000000000A21C000-memory.dll,#1
  2⤵
  PID:336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/336-55-0x00000000755B1000-0x00000000755B3000-memory.dmp

Filesize
8KB

Download