058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780 | Triage

Analysis

max time kernel
6s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
17-04-2022 14:49

Sharing

Report Analysis Logs

General

Target

058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll
Size

576KB
MD5

8f738a7381504430a708006466b9f065
SHA1

784e1a0840827c287e39ec91b8e5dd8f11ce12ad
SHA256

058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780
SHA512

8abb366e9f2adc46b9b4d58dc2824247bd2a6447c0958bab903d167bfcdd340c94c5281c3de89c476399752b8cfb995e88d685fcae589d467ce3f9dd1020206e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1792 wrote to memory of 1680	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1680	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1680	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1680	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1680	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1680	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1680	1792	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll,#1
2⤵
PID:1680

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-54-0x0000000000000000-mapping.dmp

Download
memory/1680-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download