fe92ba37ac1124c880983da60dd4b32bc8d82a180c5784bb72f9a0df41950a17 | Triage

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
19-04-2022 02:33

Sharing

Report Analysis Logs

General

Target

fe92ba37ac1124c880983da60dd4b32bc8d82a180c5784bb72f9a0df41950a17.dll
Size

652KB
MD5

3164bff4a716e80bd44e623135f93f82
SHA1

f1b87e225d149464eee3781808dd9ccf293d221b
SHA256

fe92ba37ac1124c880983da60dd4b32bc8d82a180c5784bb72f9a0df41950a17
SHA512

0165f96a030e97160a65a4e75a2663ae0447a0d3990a007a2bc27c510bb836eba127224219dbaa91d728c77e0686d064ea10fb871f74325158d8fb0d88c68da9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe92ba37ac1124c880983da60dd4b32bc8d82a180c5784bb72f9a0df41950a17.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe92ba37ac1124c880983da60dd4b32bc8d82a180c5784bb72f9a0df41950a17.dll,#1
2⤵
PID:1884

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-54-0x0000000000000000-mapping.dmp

Download
memory/1884-55-0x00000000758D1000-0x00000000758D3000-memory.dmp

Filesize
8KB

Download