058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780 | Triage

Analysis

max time kernel
6s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
17-04-2022 14:49

Sharing

Report Analysis Logs

General

Target

058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll
Size

576KB
MD5

8f738a7381504430a708006466b9f065
SHA1

784e1a0840827c287e39ec91b8e5dd8f11ce12ad
SHA256

058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780
SHA512

8abb366e9f2adc46b9b4d58dc2824247bd2a6447c0958bab903d167bfcdd340c94c5281c3de89c476399752b8cfb995e88d685fcae589d467ce3f9dd1020206e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 1680	1792	rundll32.exe	28
PID 1792 wrote to memory of 1680	1792	rundll32.exe	28
PID 1792 wrote to memory of 1680	1792	rundll32.exe	28
PID 1792 wrote to memory of 1680	1792	rundll32.exe	28
PID 1792 wrote to memory of 1680	1792	rundll32.exe	28
PID 1792 wrote to memory of 1680	1792	rundll32.exe	28
PID 1792 wrote to memory of 1680	1792	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll,#1
  2⤵
  PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download