d543e15482a2ba4f71e763f1bc92db45bfe31b4f142bc7f231d8999ef43c55d2 | Triage

Analysis

max time kernel
38s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
27-04-2022 19:01

Sharing

Report Analysis Logs

General

Target

d543e15482a2ba4f71e763f1bc92db45bfe31b4f142bc7f231d8999ef43c55d2.dll
Size

96KB
MD5

732c6b97db146f3d93ffdfbab95068fc
SHA1

95ab33c31655d06f9cf993fad037fe3bc9cc4bb0
SHA256

d543e15482a2ba4f71e763f1bc92db45bfe31b4f142bc7f231d8999ef43c55d2
SHA512

e8d2b7d29e6c08c53046d9adabaf3478693287c61d89263f88c581b8d4c8c3765dd27fc5db682f79d97d532b843faf224c5d1e9890fb0087c11e366366f9ab93

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1444 wrote to memory of 1600	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 1600	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 1600	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 1600	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 1600	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 1600	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 1600	1444	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d543e15482a2ba4f71e763f1bc92db45bfe31b4f142bc7f231d8999ef43c55d2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d543e15482a2ba4f71e763f1bc92db45bfe31b4f142bc7f231d8999ef43c55d2.dll,#1
2⤵
PID:1600

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-54-0x0000000000000000-mapping.dmp

Download
memory/1600-55-0x0000000076431000-0x0000000076433000-memory.dmp

Filesize
8KB

Download
memory/1600-56-0x0000000000170000-0x0000000000187000-memory.dmp

Filesize
92KB

Download