2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3 | Triage

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
15-06-2022 00:57

Sharing

Report Analysis Logs

General

Target

2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3.dll
Size

164KB
MD5

ea08eab00bd36a9669d4594e3e1a219e
SHA1

b936291ce6ff28985aaec7d9369bb6af3e4caf7a
SHA256

2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3
SHA512

001f046068e93f65d5c975571e4e13662e79d2390c49d3eb0caa68848d609528f0c51b2bb948d6ed110f3e75235574a1e2e8603e6866ecd81b1d81cb051a2959

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe
PID 1624 wrote to memory of 1932	1624	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1624

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3.dll,#1
2⤵
PID:1932

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-54-0x0000000000000000-mapping.dmp

Download
memory/1932-55-0x0000000075C71000-0x0000000075C73000-memory.dmp

Filesize
8KB

Download