1822bbc22c36c17c69e4c2cf1266eed5f9035c9bbbff14857ac369b29548203f | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
08-06-2022 18:23

Sharing

Report Analysis Logs

General

Target

1822bbc22c36c17c69e4c2cf1266eed5f9035c9bbbff14857ac369b29548203f.dll
Size

96KB
MD5

5fa0f71747dbb1dc52cf7bf9e0869335
SHA1

637f35a88e81e844ebd1988d6f88c5c310dd0992
SHA256

1822bbc22c36c17c69e4c2cf1266eed5f9035c9bbbff14857ac369b29548203f
SHA512

778c419c2adc5b14556e62ea8a19e35c15822872ced7d544fa1b4851004f4140dbd1adb3628805ce809093dc1694ad0f680c942ec4999810de7c0b32c3540b9c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1080 wrote to memory of 1212	1080	rundll32.exe	rundll32.exe
PID 1080 wrote to memory of 1212	1080	rundll32.exe	rundll32.exe
PID 1080 wrote to memory of 1212	1080	rundll32.exe	rundll32.exe
PID 1080 wrote to memory of 1212	1080	rundll32.exe	rundll32.exe
PID 1080 wrote to memory of 1212	1080	rundll32.exe	rundll32.exe
PID 1080 wrote to memory of 1212	1080	rundll32.exe	rundll32.exe
PID 1080 wrote to memory of 1212	1080	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1822bbc22c36c17c69e4c2cf1266eed5f9035c9bbbff14857ac369b29548203f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1080

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1822bbc22c36c17c69e4c2cf1266eed5f9035c9bbbff14857ac369b29548203f.dll,#1
2⤵
PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-54-0x0000000000000000-mapping.dmp

Download
memory/1212-55-0x00000000755C1000-0x00000000755C3000-memory.dmp

Filesize
8KB

Download