c0bc2e385cd985d5424653ca5893363a190d3654b5f40aa859c9517efc773733 | Triage

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 02:56

Sharing

Report Analysis Logs

General

Target

c0bc2e385cd985d5424653ca5893363a190d3654b5f40aa859c9517efc773733.dll
Size

244KB
MD5

5e538a1244700a3fe9365a6694f8893e
SHA1

b19e2216579d88e581344e587a88983985652eaf
SHA256

c0bc2e385cd985d5424653ca5893363a190d3654b5f40aa859c9517efc773733
SHA512

cc012413af7e54fe5cf56d81b5da39a5b5e06b00fedffad10ecf43a11ec3282b426d4d95134bce6ec96d28c6c7ce48eecb39ea7e230887a8039f3a858099cf04

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 1260	1292	rundll32.exe	17
PID 1292 wrote to memory of 1260	1292	rundll32.exe	17
PID 1292 wrote to memory of 1260	1292	rundll32.exe	17
PID 1292 wrote to memory of 1260	1292	rundll32.exe	17
PID 1292 wrote to memory of 1260	1292	rundll32.exe	17
PID 1292 wrote to memory of 1260	1292	rundll32.exe	17
PID 1292 wrote to memory of 1260	1292	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0bc2e385cd985d5424653ca5893363a190d3654b5f40aa859c9517efc773733.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0bc2e385cd985d5424653ca5893363a190d3654b5f40aa859c9517efc773733.dll,#1
  2⤵
  PID:1260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1260-55-0x0000000075501000-0x0000000075503000-memory.dmp

Filesize
8KB

Download