bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14 | Triage

Analysis

max time kernel
40s
max time network
52s
platform
windows7_x64
resource
win7-20220414-en
submitted
18-04-2022 15:30

Sharing

Report Analysis Logs

General

Target

bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14.dll
Size

667KB
MD5

21b83a88c298e9c0a3b2a3b5e08825e0
SHA1

d34b71691a0cdc8fce8eef97f1c84bfa467a7ac1
SHA256

bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14
SHA512

34035bca3741a01aacdb026fff43b9160b3dadb67b2ff82646c5c6e930a39b9120b90940e0c64c9947489bb81830230c609e99d04788b71ca4f7c7120ecc0c0c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 336	636	rundll32.exe	28
PID 636 wrote to memory of 336	636	rundll32.exe	28
PID 636 wrote to memory of 336	636	rundll32.exe	28
PID 636 wrote to memory of 336	636	rundll32.exe	28
PID 636 wrote to memory of 336	636	rundll32.exe	28
PID 636 wrote to memory of 336	636	rundll32.exe	28
PID 636 wrote to memory of 336	636	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14.dll,#1
  2⤵
  PID:336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/336-55-0x0000000075781000-0x0000000075783000-memory.dmp

Filesize
8KB

Download