091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60 | Triage

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-05-2022 19:37

Sharing

Report Analysis Logs

General

Target

091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60.dll
Size

164KB
MD5

fbf9bab6d2a338e3c740daa260cfd93d
SHA1

e1b4e31ac217f16ab65e4820dfd96646b2b645c9
SHA256

091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60
SHA512

d53937d4f28db4b73e0a5a527d06ee9850b925f4d506c58affeee8c27f656cf4ad5a80e7599419ea8d625c5edc2a48d648ef46f292802dcec41073a9313e8484

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1624

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60.dll,#1
2⤵
PID:1932

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-54-0x0000000000000000-mapping.dmp

Download
memory/1932-55-0x0000000075C71000-0x0000000075C73000-memory.dmp

Filesize
8KB

Download