2bbc1a4cc2e10cac8860b033c2b7fe6b444dd8ceb7650943979f72b8c48c4fe4 | Triage

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-06-2022 12:33

Sharing

Report Analysis Logs

General

Target

2bbc1a4cc2e10cac8860b033c2b7fe6b444dd8ceb7650943979f72b8c48c4fe4.dll
Size

8.2MB
MD5

e96b1d4cda0124f14f5663c9736b3351
SHA1

3000fee8ee18f770ee5720835df56c0d72aa2849
SHA256

2bbc1a4cc2e10cac8860b033c2b7fe6b444dd8ceb7650943979f72b8c48c4fe4
SHA512

463374c008fca8d1559c61de34f48a333cda85e59475c5110325e385d013203fda6393fb86d3933b8fd8e394b3d9053d575d617e450430f71a0e2eed9f319eae

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 560 wrote to memory of 660	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 660	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 660	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 660	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 660	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 660	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 660	560	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bbc1a4cc2e10cac8860b033c2b7fe6b444dd8ceb7650943979f72b8c48c4fe4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:560

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bbc1a4cc2e10cac8860b033c2b7fe6b444dd8ceb7650943979f72b8c48c4fe4.dll,#1
2⤵
PID:660

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/660-54-0x0000000000000000-mapping.dmp

Download
memory/660-55-0x0000000075761000-0x0000000075763000-memory.dmp

Filesize
8KB

Download