0ea3ec3dd5176d2b82514bc7a54547ed1652cc7df069130d55b4f4edd1fd08ef | Triage

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-06-2022 18:15

Sharing

Report Analysis Logs

General

Target

0ea3ec3dd5176d2b82514bc7a54547ed1652cc7df069130d55b4f4edd1fd08ef.dll
Size

158KB
MD5

b2959275b12e672da9e2a5b0fd807028
SHA1

12394ae5f1c4118101928efc2ad6e3aa69d4be06
SHA256

0ea3ec3dd5176d2b82514bc7a54547ed1652cc7df069130d55b4f4edd1fd08ef
SHA512

65cf4f49863661dd3b468ffa08b3888f77eb4c1f4609277d3876adff8a92151ca0aaf00fad5bf9b69f00bd16aaa309d9a05c0789e169596521680fcb5abe1995

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1692 wrote to memory of 1708	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1708	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1708	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1708	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1708	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1708	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1708	1692	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ea3ec3dd5176d2b82514bc7a54547ed1652cc7df069130d55b4f4edd1fd08ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ea3ec3dd5176d2b82514bc7a54547ed1652cc7df069130d55b4f4edd1fd08ef.dll,#1
2⤵
PID:1708

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-54-0x0000000000000000-mapping.dmp

Download
memory/1708-55-0x00000000763E1000-0x00000000763E3000-memory.dmp

Filesize
8KB

Download