b1fb95368c961ca9d884628e63b19a009b359a736ce90532faf2532dbeb91cdd | Triage

Analysis

max time kernel
36s
max time network
39s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-06-2022 15:08

Sharing

Report Analysis Logs

General

Target

4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614.dll
Size

2.7MB
MD5

e8521910af59327a456d52e94e93eb92
SHA1

0e1bda5903de2c3172f2cd01291b45b6a4250fca
SHA256

b1fb95368c961ca9d884628e63b19a009b359a736ce90532faf2532dbeb91cdd
SHA512

98d2e94f22666397dbe930ff9069286fd04f97233ac857621c3374f51399e6bfaa4e60a6457c20908efe7db2cd55ca91690860ca4203abb794cc6f146ab320c9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 848 wrote to memory of 1796	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1796	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1796	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1796	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1796	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1796	848	rundll32.exe	rundll32.exe
PID 848 wrote to memory of 1796	848	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614.dll,#1
2⤵
PID:1796

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1796-54-0x0000000000000000-mapping.dmp

Download
memory/1796-55-0x0000000075951000-0x0000000075953000-memory.dmp

Filesize
8KB

Download