0ec8eff45c314050b4db7b496e8dd9f2bf92672cb0c2bca939e5f225281993de | Triage

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-06-2022 17:46

Sharing

Report Analysis Logs

General

Target

0ec8eff45c314050b4db7b496e8dd9f2bf92672cb0c2bca939e5f225281993de.dll
Size

164KB
MD5

6292c8c2c15a0ca798795465005bbe3c
SHA1

391f2971ace53fb10f0bedd006eb43efcdcb1aa5
SHA256

0ec8eff45c314050b4db7b496e8dd9f2bf92672cb0c2bca939e5f225281993de
SHA512

b657e2f07b3ee64ef2f12e9d6540e016c2db3c23a0f4311867762931031a8f7858a74d234e2550211d0f334cf2833c1a94567f08efe4605589a76b25220a0b18

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1948 wrote to memory of 1920	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1920	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1920	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1920	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1920	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1920	1948	rundll32.exe	rundll32.exe
PID 1948 wrote to memory of 1920	1948	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ec8eff45c314050b4db7b496e8dd9f2bf92672cb0c2bca939e5f225281993de.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ec8eff45c314050b4db7b496e8dd9f2bf92672cb0c2bca939e5f225281993de.dll,#1
2⤵
PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1920-54-0x0000000000000000-mapping.dmp

Download
memory/1920-55-0x0000000075401000-0x0000000075403000-memory.dmp

Filesize
8KB

Download