12bb06bc5da9d7f24634bb37a809ad69896c2eb47b7957846124fe09fbf573bf | Triage

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-06-2022 14:37

Sharing

Report Analysis Logs

General

Target

12bb06bc5da9d7f24634bb37a809ad69896c2eb47b7957846124fe09fbf573bf.dll
Size

164KB
MD5

b4fe61c29e23014fdab44ad0d8df1d2d
SHA1

2b76199d726a16d3c25d74b3562fa3bdf4bd3d52
SHA256

12bb06bc5da9d7f24634bb37a809ad69896c2eb47b7957846124fe09fbf573bf
SHA512

e54d0113f866a210371f49c4d79f844259cbc58bfbd198a16c7d7ce223d18ad0ba6f5c1cf9b93629b97f8062ef4955e9bdce7ea53256029de1a93c88bc382acf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12bb06bc5da9d7f24634bb37a809ad69896c2eb47b7957846124fe09fbf573bf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1092

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12bb06bc5da9d7f24634bb37a809ad69896c2eb47b7957846124fe09fbf573bf.dll,#1
2⤵
PID:1984

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1984-54-0x0000000000000000-mapping.dmp

Download
memory/1984-55-0x0000000076571000-0x0000000076573000-memory.dmp

Filesize
8KB

Download