3177896e5f53f34670557dfa351e4c73d77a178bc1aa62030dd995d335a9a981 | Triage

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-06-2022 22:34

Sharing

Report Analysis Logs

General

Target

3177896e5f53f34670557dfa351e4c73d77a178bc1aa62030dd995d335a9a981.dll
Size

164KB
MD5

d5e42a58e793d9b488f46d77b38f92af
SHA1

433b8d938d3778b07c36b998eff618892e83236e
SHA256

3177896e5f53f34670557dfa351e4c73d77a178bc1aa62030dd995d335a9a981
SHA512

6de37ca575a7859051ca4db0a8691843a11a437bd0e592ca1da04ddc5380103baea1d0cdc95e3e2f3ac345f35b2479bc6aad1ac81929a45b8219f5931c870b27

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1824 wrote to memory of 1224	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 1224	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 1224	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 1224	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 1224	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 1224	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 1224	1824	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3177896e5f53f34670557dfa351e4c73d77a178bc1aa62030dd995d335a9a981.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1824

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3177896e5f53f34670557dfa351e4c73d77a178bc1aa62030dd995d335a9a981.dll,#1
2⤵
PID:1224

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1224-54-0x0000000000000000-mapping.dmp

Download
memory/1224-55-0x0000000075E41000-0x0000000075E43000-memory.dmp

Filesize
8KB

Download