0e3e47697539f1773fb53114ab53229c0304d86ed35aec05e5f5bfdf3bd35f9a | Triage

Analysis

max time kernel
21s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-06-2022 19:33

Sharing

Report Analysis Logs

General

Target

wsc.dll
Size

76KB
MD5

fc83d5c67de996607b0a59d70e6ff711
SHA1

c44c923ab0331d3f7cee588eb73464ce93cf4ce4
SHA256

5a795c4b2a1a9c76791a516822ae0c9ec9d02780c41d2f6a6960a4ea15d68e34
SHA512

11cd6230ec8906dd91a2719bccb82f59bcbc027ba94959a7aae5614c4e8f9669d736abdaade1cc0d1183bb7db3a7391fc7be14c6e5685e312e5f48a625c83f81

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1524 wrote to memory of 1748	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1748	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1748	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1748	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1748	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1748	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1748	1524	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wsc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1524

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wsc.dll,#1
2⤵
PID:1748

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-54-0x0000000000000000-mapping.dmp

Download
memory/1748-55-0x0000000076851000-0x0000000076853000-memory.dmp

Filesize
8KB

Download