2fea45f7be7c7313ee6e4fe7ad9ef64d9966a2391003a00dcbbd6214e9c522ef | Triage

Analysis

max time kernel
27s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-06-2022 18:17

Sharing

Report Analysis Logs

General

Target

2fea45f7be7c7313ee6e4fe7ad9ef64d9966a2391003a00dcbbd6214e9c522ef.dll
Size

164KB
MD5

7354af1a63f222ede4c9e0a6f84d57c2
SHA1

e6ebf8b4a340bc7f6043112eac16b46c13ce924f
SHA256

2fea45f7be7c7313ee6e4fe7ad9ef64d9966a2391003a00dcbbd6214e9c522ef
SHA512

08d0647c8731957e3d4bf9aeb5ffc8a7c474413a2f9bb0ac7be7326655e062de6755c59562f56f10c140472fd5098848ff89c28a88ace87db2bca52bf2261732

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1880 wrote to memory of 288	1880	rundll32.exe	rundll32.exe
PID 1880 wrote to memory of 288	1880	rundll32.exe	rundll32.exe
PID 1880 wrote to memory of 288	1880	rundll32.exe	rundll32.exe
PID 1880 wrote to memory of 288	1880	rundll32.exe	rundll32.exe
PID 1880 wrote to memory of 288	1880	rundll32.exe	rundll32.exe
PID 1880 wrote to memory of 288	1880	rundll32.exe	rundll32.exe
PID 1880 wrote to memory of 288	1880	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fea45f7be7c7313ee6e4fe7ad9ef64d9966a2391003a00dcbbd6214e9c522ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1880

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fea45f7be7c7313ee6e4fe7ad9ef64d9966a2391003a00dcbbd6214e9c522ef.dll,#1
2⤵
PID:288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/288-54-0x0000000000000000-mapping.dmp

Download
memory/288-55-0x00000000755A1000-0x00000000755A3000-memory.dmp

Filesize
8KB

Download