a136ba9a5582e0f317934712213eb7bd3758fad92750e02218e29671bda99957 | Triage

Analysis

max time kernel
34s
max time network
41s
platform
windows7_x64
resource
win7-20220414-en
submitted
18-04-2022 15:30

Sharing

Report Analysis Logs

General

Target

a136ba9a5582e0f317934712213eb7bd3758fad92750e02218e29671bda99957.dll
Size

667KB
MD5

be4aefb22447f242df181e65db380687
SHA1

39699d67309a9b8817707a69a915ca0a0a57c607
SHA256

a136ba9a5582e0f317934712213eb7bd3758fad92750e02218e29671bda99957
SHA512

fe1c3667ad73732c27bc48a3a7a64a7ec25e8c0bdc057131e73cacfb01dff5828b507d91b1257f2aa09b6b2cb911ff53b6d5d29e50b32c6ef8c7bfac4eb96029

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1276 wrote to memory of 1972	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 1972	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 1972	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 1972	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 1972	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 1972	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 1972	1276	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a136ba9a5582e0f317934712213eb7bd3758fad92750e02218e29671bda99957.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1276

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a136ba9a5582e0f317934712213eb7bd3758fad92750e02218e29671bda99957.dll,#1
2⤵
PID:1972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-54-0x0000000000000000-mapping.dmp

Download
memory/1972-55-0x00000000756E1000-0x00000000756E3000-memory.dmp

Filesize
8KB

Download