69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c | Triage

Resubmissions

04-12-2023 13:00

231204-p8vffabc2s 10

18-04-2022 15:30

220418-sxy62adeen 10

Analysis

max time kernel
39s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
18-04-2022 15:30

Sharing

Report Analysis Logs

General

Target

69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c.dll
Size

667KB
MD5

14329d9e980e7a427e941f7d5d71365c
SHA1

07ede188c7e143443eb8fcd9dfa347481b34fcc2
SHA256

69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c
SHA512

6fa538242f02dbf469a9c9ea4ddbdaa628001796b367106d711cb5a38c507badf04194d85f5c3e277ff0742c2bf1873b8e3c68afd9ade8b998ec7c7c442c8e33

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 304 wrote to memory of 1912	304	rundll32.exe	rundll32.exe
PID 304 wrote to memory of 1912	304	rundll32.exe	rundll32.exe
PID 304 wrote to memory of 1912	304	rundll32.exe	rundll32.exe
PID 304 wrote to memory of 1912	304	rundll32.exe	rundll32.exe
PID 304 wrote to memory of 1912	304	rundll32.exe	rundll32.exe
PID 304 wrote to memory of 1912	304	rundll32.exe	rundll32.exe
PID 304 wrote to memory of 1912	304	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c.dll,#1
  2⤵
  PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1912-54-0x0000000000000000-mapping.dmp

Download
memory/1912-55-0x0000000075311000-0x0000000075313000-memory.dmp

Filesize
8KB

Download