2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60 | Triage

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 19:23

Sharing

Report Analysis Logs

General

Target

2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60.dll
Size

6.4MB
MD5

49e7fb3c3eb9d8bc21c7c7e38cf787f1
SHA1

d5428a5316459f41fa5ae3cc254cf0cba32dd95c
SHA256

2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60
SHA512

5b4f3a0aceb02dd4557df21dab51b5a3003d0d9120ad875ad6fa2302524b1a416b982980eeb8728a207e74ea2b5b23cabe3fa65ff9716c19718fed84fb33e004

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 1884	1708	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60.dll,#1
2⤵
PID:1884

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-54-0x0000000000000000-mapping.dmp

Download
memory/1884-55-0x00000000758D1000-0x00000000758D3000-memory.dmp

Filesize
8KB

Download