3339b6583d38272cebd9ebfb71b3b0d582111dd144bad01574f6301e66df3249 | Triage

Analysis

max time kernel
31s
max time network
51s
platform
windows7_x64
resource
win7-20220414-en
submitted
18-04-2022 15:31

Sharing

Report Analysis Logs

General

Target

3339b6583d38272cebd9ebfb71b3b0d582111dd144bad01574f6301e66df3249.dll
Size

1.6MB
MD5

230191db3261029a7a170936d783ed59
SHA1

54bf5e9e7d0e84e9eaa9539f109b165df55e72c9
SHA256

3339b6583d38272cebd9ebfb71b3b0d582111dd144bad01574f6301e66df3249
SHA512

6fac72dd92550dfc29a7c86cc7fb45d49649874908021eab652f308431323191a21c618008cb9c57a47be3cf5e2105f003b7ac142f3029febe100ed83a149d16

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1988 wrote to memory of 1876	1988	rundll32.exe	rundll32.exe
PID 1988 wrote to memory of 1876	1988	rundll32.exe	rundll32.exe
PID 1988 wrote to memory of 1876	1988	rundll32.exe	rundll32.exe
PID 1988 wrote to memory of 1876	1988	rundll32.exe	rundll32.exe
PID 1988 wrote to memory of 1876	1988	rundll32.exe	rundll32.exe
PID 1988 wrote to memory of 1876	1988	rundll32.exe	rundll32.exe
PID 1988 wrote to memory of 1876	1988	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3339b6583d38272cebd9ebfb71b3b0d582111dd144bad01574f6301e66df3249.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1988

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3339b6583d38272cebd9ebfb71b3b0d582111dd144bad01574f6301e66df3249.dll,#1
2⤵
PID:1876

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1876-54-0x0000000000000000-mapping.dmp

Download
memory/1876-55-0x0000000075371000-0x0000000075373000-memory.dmp

Filesize
8KB

Download