232f85990535f5e478688cea7599d9645a716945201934452b116428a6974aef | Triage

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-06-2022 19:20

Sharing

Report Analysis Logs

General

Target

1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Size

136KB
MD5

f3425adbbc731abfa8239ba5e20a9699
SHA1

1a45001618edb55e6a640c6176face69856f8e39
SHA256

232f85990535f5e478688cea7599d9645a716945201934452b116428a6974aef
SHA512

2fa2e3ed96833c49428a1acfa45e79398b826cbe6ecc842ddafcd1770a90be443c3ce9ae76727e3d7d36d903ba84ecb562c79829379c1fc2ef2e854daf82b75a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 780 wrote to memory of 1928	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 1928	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 1928	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 1928	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 1928	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 1928	780	rundll32.exe	rundll32.exe
PID 780 wrote to memory of 1928	780	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:780

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
2⤵
PID:1928

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1928-54-0x0000000000000000-mapping.dmp

Download
memory/1928-55-0x0000000074E91000-0x0000000074E93000-memory.dmp

Filesize
8KB

Download