6feb59e3a87b97539ba5be533cef98d9e450746f6d28e646b53ae07b96d3eea9 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-06-2022 18:01

Sharing

Report Analysis Logs

General

Target

2032-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Size

136KB
MD5

d39b947a8921fa094990a5597793df84
SHA1

abcd6c238607020cd9f7025d9d3c990e0afe5204
SHA256

6feb59e3a87b97539ba5be533cef98d9e450746f6d28e646b53ae07b96d3eea9
SHA512

137e60fbdba679a32c6563965e4b1fe326a7bfd19c0bc107c89cffbc72f7183bb71fa9ad0e97a0123c9bd49271a7b41f06ae7100d56076683a96008d1524c25b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1976 wrote to memory of 888	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 888	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 888	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 888	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 888	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 888	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 888	1976	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2032-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2032-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
2⤵
PID:888

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/888-54-0x0000000000000000-mapping.dmp

Download
memory/888-55-0x00000000750C1000-0x00000000750C3000-memory.dmp

Filesize
8KB

Download