65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe | Triage

Analysis

max time kernel
1610s
max time network
1615s
platform
windows7_x64
resource
win7-20220414-es
submitted
23-06-2022 23:10

Sharing

Report Analysis Logs

General

Target

65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll
Size

20.0MB
MD5

bf5aee7ba0ac7286f4879ca34ca63903
SHA1

9bc40c49a3dbc41f618d11f4b113f234c1713dc4
SHA256

65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe
SHA512

887125ea071749f717f5d39828b5ac200ee8f80aaedfe6b58167c0bfa68ec8e921c0cbbe63de8ad49eab8ff28c5c09d7b06aecf6e51df63f1195c257ddc4cd49

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1444 wrote to memory of 964	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 964	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 964	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 964	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 964	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 964	1444	rundll32.exe	rundll32.exe
PID 1444 wrote to memory of 964	1444	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll,#1
2⤵
PID:964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x0000000000000000-mapping.dmp

Download
memory/964-55-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download