073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9 | Triage

Analysis

max time kernel
20s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 14:54

Sharing

Report Analysis Logs

General

Target

073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9.dll
Size

164KB
MD5

ddcb9c149bba28cf81de36b22a4c1dc7
SHA1

05844751639e2082df0f28beb271e5daf6e0f670
SHA256

073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9
SHA512

28f5657b055c9424098e8d3941b2fc84b56210c4151ac0980f4453b2f986df955f020ddf11def3135244ce527eea0ddd04dabe388806b23417c4996f22d2fb26

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1908 wrote to memory of 1104	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1104	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1104	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1104	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1104	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1104	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1104	1908	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9.dll,#1
2⤵
PID:1104

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1104-54-0x0000000000000000-mapping.dmp

Download
memory/1104-55-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

Filesize
8KB

Download