0bdf1060b85ad55e73393eb0b59c1d226e091da4f4dcce65dacba5e9a1fd76a7 | Triage

Analysis

max time kernel
150s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
17-06-2022 07:36

Sharing

Report Analysis Logs

General

Target

2022-06-16-Matanbuchus-DLL.dll
Size

401KB
MD5

f354998cefb35626ac34c77ca2a6d808
SHA1

0357cb803c5999d26e97928e9519fa8cf106d9b3
SHA256

0bdf1060b85ad55e73393eb0b59c1d226e091da4f4dcce65dacba5e9a1fd76a7
SHA512

245cb6e20d82ddf669531e7f051f7541edca580f8683285d02d53376b9a8126f4fc16f67e39cf48194f96124cfcdc718f8219a3737db038271a3a8c10444fb3e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 1696	1272	rundll32.exe	28
PID 1272 wrote to memory of 1696	1272	rundll32.exe	28
PID 1272 wrote to memory of 1696	1272	rundll32.exe	28
PID 1272 wrote to memory of 1696	1272	rundll32.exe	28
PID 1272 wrote to memory of 1696	1272	rundll32.exe	28
PID 1272 wrote to memory of 1696	1272	rundll32.exe	28
PID 1272 wrote to memory of 1696	1272	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2022-06-16-Matanbuchus-DLL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2022-06-16-Matanbuchus-DLL.dll,#1
  2⤵
  PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1696-55-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download