9106117da853d8baa45ff6fdbf1ceada81dd4c2ce896787e445170a8d8c13148 | Triage

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 03:35

Sharing

Report Analysis Logs

General

Target

9106117da853d8baa45ff6fdbf1ceada81dd4c2ce896787e445170a8d8c13148.dll
Size

164KB
MD5

f45b3caa097afbdd50358ede4042a88f
SHA1

685757998c553c84433410423daf9d5c9b6068c4
SHA256

9106117da853d8baa45ff6fdbf1ceada81dd4c2ce896787e445170a8d8c13148
SHA512

bf33d5439e01bece4efd21f356fa8619d0dc5dcb72e0c7366c6c3e82f8a909233281633a2cb67e7f92518d6e1dd374961dbfe0a07277a234f33f0bf623620c1f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2044 wrote to memory of 884	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 884	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 884	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 884	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 884	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 884	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 884	2044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9106117da853d8baa45ff6fdbf1ceada81dd4c2ce896787e445170a8d8c13148.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9106117da853d8baa45ff6fdbf1ceada81dd4c2ce896787e445170a8d8c13148.dll,#1
2⤵
PID:884

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/884-54-0x0000000000000000-mapping.dmp

Download
memory/884-55-0x0000000075441000-0x0000000075443000-memory.dmp

Filesize
8KB

Download