bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14 | Triage

Analysis

max time kernel
40s
max time network
52s
platform
windows7_x64
resource
win7-20220414-en
submitted
18-04-2022 15:30

Sharing

Report Analysis Logs

General

Target

bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14.dll
Size

667KB
MD5

21b83a88c298e9c0a3b2a3b5e08825e0
SHA1

d34b71691a0cdc8fce8eef97f1c84bfa467a7ac1
SHA256

bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14
SHA512

34035bca3741a01aacdb026fff43b9160b3dadb67b2ff82646c5c6e930a39b9120b90940e0c64c9947489bb81830230c609e99d04788b71ca4f7c7120ecc0c0c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 636 wrote to memory of 336	636	rundll32.exe	rundll32.exe
PID 636 wrote to memory of 336	636	rundll32.exe	rundll32.exe
PID 636 wrote to memory of 336	636	rundll32.exe	rundll32.exe
PID 636 wrote to memory of 336	636	rundll32.exe	rundll32.exe
PID 636 wrote to memory of 336	636	rundll32.exe	rundll32.exe
PID 636 wrote to memory of 336	636	rundll32.exe	rundll32.exe
PID 636 wrote to memory of 336	636	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:636

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14.dll,#1
2⤵
PID:336

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/336-54-0x0000000000000000-mapping.dmp

Download
memory/336-55-0x0000000075781000-0x0000000075783000-memory.dmp

Filesize
8KB

Download