1a6a5c5111d72fdb3d1454311ebb8af8d852b6246a1ed0253fd81d131a6f6355 | Triage

Analysis

max time kernel
49s
max time network
50s
platform
windows7_x64
resource
win7-20220414-en
submitted
08-06-2022 03:20

Sharing

Report Analysis Logs

General

Target

1a6a5c5111d72fdb3d1454311ebb8af8d852b6246a1ed0253fd81d131a6f6355.dll
Size

14KB
MD5

0b44fadd1dab5fc637d48c1cd54f54c7
SHA1

5c1f3925a28a87495fbcf02469be89fec6e24331
SHA256

1a6a5c5111d72fdb3d1454311ebb8af8d852b6246a1ed0253fd81d131a6f6355
SHA512

2dcd1b76025c59020a62897ca21f6425ed189148cf5fd9462e2bcd1973a5722b0c40e63c6bea21f286cdeffae7ad4fc9605c96b1e76d5b9babe0b85213e3dec1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1672 wrote to memory of 1044	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1044	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1044	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1044	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1044	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1044	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 1044	1672	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a6a5c5111d72fdb3d1454311ebb8af8d852b6246a1ed0253fd81d131a6f6355.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a6a5c5111d72fdb3d1454311ebb8af8d852b6246a1ed0253fd81d131a6f6355.dll,#1
  2⤵
  PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-54-0x0000000000000000-mapping.dmp

Download
memory/1044-55-0x00000000763C1000-0x00000000763C3000-memory.dmp

Filesize
8KB

Download