14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 19:24

Sharing

Report Analysis Logs

General

Target

14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll
Size

24KB
MD5

c5cf6e70d5a5c489aa1c0326799dbe90
SHA1

a94ed3d673261d62f2959979272d8c8d17e6e7f3
SHA256

14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e
SHA512

7d9422e35d71a691c9cc62d4cbecb5f6b02d7754c348f0bd7a1085200d70624cf4b27e17804f7a069b5ae0b3a0e657693b7206a4a2ca8b5ed79bd71d9dc098f1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1068 wrote to memory of 1792	1068	rundll32.exe	rundll32.exe
PID 1068 wrote to memory of 1792	1068	rundll32.exe	rundll32.exe
PID 1068 wrote to memory of 1792	1068	rundll32.exe	rundll32.exe
PID 1068 wrote to memory of 1792	1068	rundll32.exe	rundll32.exe
PID 1068 wrote to memory of 1792	1068	rundll32.exe	rundll32.exe
PID 1068 wrote to memory of 1792	1068	rundll32.exe	rundll32.exe
PID 1068 wrote to memory of 1792	1068	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1068

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll,#1
2⤵
PID:1792

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1792-54-0x0000000000000000-mapping.dmp

Download
memory/1792-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download