e01adf02103642003fc8f84fe295dffc1f06127d6128d1ce14c83019616bdb93 | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
23-06-2022 16:00

Sharing

Report Analysis Logs

General

Target

1672-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Size

136KB
MD5

21cf076ae45405f3d6687a85835adf95
SHA1

980351865a5a0cf59478f1b8dac38088f668fefd
SHA256

e01adf02103642003fc8f84fe295dffc1f06127d6128d1ce14c83019616bdb93
SHA512

a41887234967d63085a3ca3ae05d1472b8854bdad6a536817e8da9e8ffa77bc9f23a3d0e590a8b3cc354b241d4cc1e24a8a42234d40d04e15e5693efe18e15ef

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1684 wrote to memory of 2032	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 2032	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 2032	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 2032	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 2032	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 2032	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 2032	1684	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1672-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1672-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
2⤵
PID:2032

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-54-0x0000000000000000-mapping.dmp

Download
memory/2032-55-0x00000000752D1000-0x00000000752D3000-memory.dmp

Filesize
8KB

Download