0add4d916d801a5bfc97a33db181a14871c627d166ac5d010a0b4312cd6d9139 | Triage

Analysis

max time kernel
41s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-06-2022 03:59

Sharing

Report Analysis Logs

General

Target

1356-57-0x0000000000780000-0x00000000007A2000-memory.dll
Size

136KB
MD5

dda78907e690e91f324395fd63b7bb71
SHA1

2954a87190b2b0f9ecbeab7c8d54dcd37916a711
SHA256

0add4d916d801a5bfc97a33db181a14871c627d166ac5d010a0b4312cd6d9139
SHA512

2c14cc28181a5340e81163c3465feaf8fe4401ee1599cc2883742b661eb0da0f6be44c8cfd8729e261e0c9667b0e7a725947927233da3a7e042b00add2c8460d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1968 wrote to memory of 676	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 676	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 676	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 676	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 676	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 676	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 676	1968	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1356-57-0x0000000000780000-0x00000000007A2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1356-57-0x0000000000780000-0x00000000007A2000-memory.dll,#1
2⤵
PID:676

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/676-54-0x0000000000000000-mapping.dmp

Download
memory/676-55-0x0000000075EF1000-0x0000000075EF3000-memory.dmp

Filesize
8KB

Download