d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e | Triage

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
23-05-2022 23:48

Sharing

Report Analysis Logs

General

Target

d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e.dll
Size

164KB
MD5

4ddc4c10f348e34445cae6ebac80bf87
SHA1

54fa2d553b774fa273e254ea8a9484f17a4b8747
SHA256

d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e
SHA512

d91730d1e1bcaa5e58b1a9cebee04d2634d80094ae953e3c329acb5476960bdb79dc0a3bc5b8da2836c3646a90ba91d5126b47b5e83f88dab7b05c7650700c58

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1224 wrote to memory of 1348	1224	rundll32.exe	rundll32.exe
PID 1224 wrote to memory of 1348	1224	rundll32.exe	rundll32.exe
PID 1224 wrote to memory of 1348	1224	rundll32.exe	rundll32.exe
PID 1224 wrote to memory of 1348	1224	rundll32.exe	rundll32.exe
PID 1224 wrote to memory of 1348	1224	rundll32.exe	rundll32.exe
PID 1224 wrote to memory of 1348	1224	rundll32.exe	rundll32.exe
PID 1224 wrote to memory of 1348	1224	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1224

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e.dll,#1
2⤵
PID:1348

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1348-55-0x0000000076531000-0x0000000076533000-memory.dmp

Filesize
8KB

Download
memory/1348-54-0x0000000000000000-mapping.dmp

Download