06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762 | Triage

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220414-en
submitted
31-05-2022 06:03

Sharing

Report Analysis Logs

General

Target

06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762.dll
Size

164KB
MD5

ecf7748fac09f62da5e16cbc0956f973
SHA1

8ddff0ed4213273006943ab911a0358c6ca87d7f
SHA256

06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762
SHA512

5b4396d10d4c25865f7b54b594ae5879ad86d36d80a15084ab9691c7f82314bf5c0200a1e2d8355aaf69a5a952d735f939508aaae3aa2ad66d623028673921b6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 800 wrote to memory of 852	800	rundll32.exe	rundll32.exe
PID 800 wrote to memory of 852	800	rundll32.exe	rundll32.exe
PID 800 wrote to memory of 852	800	rundll32.exe	rundll32.exe
PID 800 wrote to memory of 852	800	rundll32.exe	rundll32.exe
PID 800 wrote to memory of 852	800	rundll32.exe	rundll32.exe
PID 800 wrote to memory of 852	800	rundll32.exe	rundll32.exe
PID 800 wrote to memory of 852	800	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:800

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762.dll,#1
2⤵
PID:852

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/852-54-0x0000000000000000-mapping.dmp

Download
memory/852-55-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download