253906f90c7308792510faa9e5804f954799f05c25d3d5cf357724407c984234 | Triage

Analysis

max time kernel
32s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-06-2022 19:48

Sharing

Report Analysis Logs

General

Target

253906f90c7308792510faa9e5804f954799f05c25d3d5cf357724407c984234.dll
Size

781KB
MD5

c540b3060453d48fcd241a644ffb1f87
SHA1

87846597fc99bbcb5f6a47151ad85c275e203374
SHA256

253906f90c7308792510faa9e5804f954799f05c25d3d5cf357724407c984234
SHA512

f74bf2374333c681f2a7e4292972896cb2edb95521d5d7da5c8026e98d9a825084d1420f6a1777acb7e2b9588fa442798f5e459807ce8ac0136e9fc2ec647347

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1408 wrote to memory of 1752	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1752	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1752	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1752	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1752	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1752	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1752	1408	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\253906f90c7308792510faa9e5804f954799f05c25d3d5cf357724407c984234.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\253906f90c7308792510faa9e5804f954799f05c25d3d5cf357724407c984234.dll,#1
2⤵
PID:1752

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1752-54-0x0000000000000000-mapping.dmp

Download
memory/1752-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download