2011f4ed15d6ad002670fdfe8fffc2fbd7cff4c8e7bd9d16746f9884a79a24b1 | Triage

Analysis

max time kernel
39s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-06-2022 13:46

Sharing

Report Analysis Logs

General

Target

2011f4ed15d6ad002670fdfe8fffc2fbd7cff4c8e7bd9d16746f9884a79a24b1.dll
Size

164KB
MD5

3ad4c27f8d0e7135f401474811bd9b25
SHA1

9eb3c7f77134c49fbe1bdda2d2ef4fb6eb5377ce
SHA256

2011f4ed15d6ad002670fdfe8fffc2fbd7cff4c8e7bd9d16746f9884a79a24b1
SHA512

38bca02223716d44c209345c3a165264bb0a7009353c7e57db22ef7143e49a18ce1908e15abd5fae7b93e74c64c305b88bd32b5a862096b7c2b950a142e2f971

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1944 wrote to memory of 828	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 828	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 828	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 828	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 828	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 828	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 828	1944	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2011f4ed15d6ad002670fdfe8fffc2fbd7cff4c8e7bd9d16746f9884a79a24b1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2011f4ed15d6ad002670fdfe8fffc2fbd7cff4c8e7bd9d16746f9884a79a24b1.dll,#1
2⤵
PID:828

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/828-54-0x0000000000000000-mapping.dmp

Download
memory/828-55-0x00000000754A1000-0x00000000754A3000-memory.dmp

Filesize
8KB

Download