dbefad925e7c876dd2d5ffa4f541bb759de9f3633ce4640709dcd12aa41d7dc8 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220331-en
submitted
14-04-2022 11:30

Sharing

Report Analysis Logs

General

Target

shellcode.mz.dll
Size

203KB
MD5

df36111e9c238c1bbacbc671b7f32198
SHA1

6afd5cc8552d139fd86bad5acb39326221dd574a
SHA256

dbefad925e7c876dd2d5ffa4f541bb759de9f3633ce4640709dcd12aa41d7dc8
SHA512

1b9d13d79dabe57fb39ce9af1b12f7007c4d0ef39c3605ab3eb0d97101ca31a4f65f9c66c8e06f5ae64ef516384e772c2ca0906d759494b3141085867c582c26

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1008 wrote to memory of 1840	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1840	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1840	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1840	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1840	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1840	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1840	1008	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\shellcode.mz.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\shellcode.mz.dll,#1
2⤵
PID:1840

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1840-54-0x0000000000000000-mapping.dmp

Download
memory/1840-55-0x00000000769C1000-0x00000000769C3000-memory.dmp

Filesize
8KB

Download