13f476ec8dba856b93c2b799dbf9994191d14e9dbc2c6d75c9ec3d8054144b3f | Triage

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-06-2022 02:44

Sharing

Report Analysis Logs

General

Target

36c3-malwarexchg-part3/6cb6fda0b353d411a30c5b945e53ea52.dll
Size

164KB
MD5

6cb6fda0b353d411a30c5b945e53ea52
SHA1

3ec48a25d70153e7bc09d39a93e5f725861da655
SHA256

bace25c1ec587d099b4c566b1a07978dd9cb3bd67c2acaa55d2e4644a7877070
SHA512

1b53d536ef48d5c0a0a6a0136a3d12f155d11b7a5a6f8be9c034bf78a2ccefc7a4d0e8e24e0936e64889e1039bf167a563d37f8ddb742080b5037c65f251811c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1256 wrote to memory of 1924	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1924	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1924	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1924	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1924	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1924	1256	rundll32.exe	rundll32.exe
PID 1256 wrote to memory of 1924	1256	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36c3-malwarexchg-part3\6cb6fda0b353d411a30c5b945e53ea52.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1256

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36c3-malwarexchg-part3\6cb6fda0b353d411a30c5b945e53ea52.dll,#1
2⤵
PID:1924

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-54-0x0000000000000000-mapping.dmp

Download
memory/1924-55-0x0000000075B61000-0x0000000075B63000-memory.dmp

Filesize
8KB

Download