232f85990535f5e478688cea7599d9645a716945201934452b116428a6974aef

General

Target

1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Size

136KB
MD5

f3425adbbc731abfa8239ba5e20a9699
SHA1

1a45001618edb55e6a640c6176face69856f8e39
SHA256

232f85990535f5e478688cea7599d9645a716945201934452b116428a6974aef
SHA512

2fa2e3ed96833c49428a1acfa45e79398b826cbe6ecc842ddafcd1770a90be443c3ce9ae76727e3d7d36d903ba84ecb562c79829379c1fc2ef2e854daf82b75a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 57 IoCs

Processes:

rundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exerundll32.exe

description	pid	process	target process
PID 2328 wrote to memory of 4052	2328	rundll32.exe	rundll32.exe
PID 2328 wrote to memory of 4052	2328	rundll32.exe	rundll32.exe
PID 2328 wrote to memory of 4052	2328	rundll32.exe	rundll32.exe
PID 4052 wrote to memory of 2224	4052	rundll32.exe	rundll32.exe
PID 4052 wrote to memory of 2224	4052	rundll32.exe	rundll32.exe
PID 4052 wrote to memory of 2224	4052	rundll32.exe	rundll32.exe
PID 2224 wrote to memory of 4144	2224	rundll32.exe	rundll32.exe
PID 2224 wrote to memory of 4144	2224	rundll32.exe	rundll32.exe
PID 2224 wrote to memory of 4144	2224	rundll32.exe	rundll32.exe
PID 4144 wrote to memory of 4916	4144	rundll32.exe	rundll32.exe
PID 4144 wrote to memory of 4916	4144	rundll32.exe	rundll32.exe
PID 4144 wrote to memory of 4916	4144	rundll32.exe	rundll32.exe
PID 4916 wrote to memory of 3436	4916	rundll32.exe	rundll32.exe
PID 4916 wrote to memory of 3436	4916	rundll32.exe	rundll32.exe
PID 4916 wrote to memory of 3436	4916	rundll32.exe	rundll32.exe
PID 3436 wrote to memory of 424	3436	rundll32.exe	rundll32.exe
PID 3436 wrote to memory of 424	3436	rundll32.exe	rundll32.exe
PID 3436 wrote to memory of 424	3436	rundll32.exe	rundll32.exe
PID 424 wrote to memory of 4444	424	rundll32.exe	rundll32.exe
PID 424 wrote to memory of 4444	424	rundll32.exe	rundll32.exe
PID 424 wrote to memory of 4444	424	rundll32.exe	rundll32.exe
PID 4444 wrote to memory of 4552	4444	rundll32.exe	rundll32.exe
PID 4444 wrote to memory of 4552	4444	rundll32.exe	rundll32.exe
PID 4444 wrote to memory of 4552	4444	rundll32.exe	rundll32.exe
PID 4552 wrote to memory of 3084	4552	rundll32.exe	rundll32.exe
PID 4552 wrote to memory of 3084	4552	rundll32.exe	rundll32.exe
PID 4552 wrote to memory of 3084	4552	rundll32.exe	rundll32.exe
PID 3084 wrote to memory of 3800	3084	rundll32.exe	rundll32.exe
PID 3084 wrote to memory of 3800	3084	rundll32.exe	rundll32.exe
PID 3084 wrote to memory of 3800	3084	rundll32.exe	rundll32.exe
PID 3800 wrote to memory of 3392	3800	rundll32.exe	rundll32.exe
PID 3800 wrote to memory of 3392	3800	rundll32.exe	rundll32.exe
PID 3800 wrote to memory of 3392	3800	rundll32.exe	rundll32.exe
PID 3392 wrote to memory of 3616	3392	rundll32.exe	rundll32.exe
PID 3392 wrote to memory of 3616	3392	rundll32.exe	rundll32.exe
PID 3392 wrote to memory of 3616	3392	rundll32.exe	rundll32.exe
PID 3616 wrote to memory of 4488	3616	rundll32.exe	rundll32.exe
PID 3616 wrote to memory of 4488	3616	rundll32.exe	rundll32.exe
PID 3616 wrote to memory of 4488	3616	rundll32.exe	rundll32.exe
PID 4488 wrote to memory of 4432	4488	rundll32.exe	rundll32.exe
PID 4488 wrote to memory of 4432	4488	rundll32.exe	rundll32.exe
PID 4488 wrote to memory of 4432	4488	rundll32.exe	rundll32.exe
PID 4432 wrote to memory of 1752	4432	rundll32.exe	rundll32.exe
PID 4432 wrote to memory of 1752	4432	rundll32.exe	rundll32.exe
PID 4432 wrote to memory of 1752	4432	rundll32.exe	rundll32.exe
PID 1752 wrote to memory of 4924	1752	rundll32.exe	rundll32.exe
PID 1752 wrote to memory of 4924	1752	rundll32.exe	rundll32.exe
PID 1752 wrote to memory of 4924	1752	rundll32.exe	rundll32.exe
PID 4924 wrote to memory of 4060	4924	rundll32.exe	rundll32.exe
PID 4924 wrote to memory of 4060	4924	rundll32.exe	rundll32.exe
PID 4924 wrote to memory of 4060	4924	rundll32.exe	rundll32.exe
PID 4060 wrote to memory of 568	4060	rundll32.exe	rundll32.exe
PID 4060 wrote to memory of 568	4060	rundll32.exe	rundll32.exe
PID 4060 wrote to memory of 568	4060	rundll32.exe	rundll32.exe
PID 568 wrote to memory of 4272	568	rundll32.exe	rundll32.exe
PID 568 wrote to memory of 4272	568	rundll32.exe	rundll32.exe
PID 568 wrote to memory of 4272	568	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:4052

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
3⤵
- Suspicious use of WriteProcessMemory
PID:2224

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
4⤵
- Suspicious use of WriteProcessMemory
PID:4144

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
5⤵
- Suspicious use of WriteProcessMemory
PID:4916

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
6⤵
- Suspicious use of WriteProcessMemory
PID:3436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
7⤵
- Suspicious use of WriteProcessMemory
PID:424

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
8⤵
- Suspicious use of WriteProcessMemory
PID:4444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
9⤵
- Suspicious use of WriteProcessMemory
PID:4552

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
10⤵
- Suspicious use of WriteProcessMemory
PID:3084

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
11⤵
- Suspicious use of WriteProcessMemory
PID:3800

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3392

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:3616

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
3⤵
- Suspicious use of WriteProcessMemory
PID:4488

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
4⤵
- Suspicious use of WriteProcessMemory
PID:4432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
5⤵
- Suspicious use of WriteProcessMemory
PID:1752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
6⤵
- Suspicious use of WriteProcessMemory
PID:4924

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
7⤵
- Suspicious use of WriteProcessMemory
PID:4060

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
8⤵
- Suspicious use of WriteProcessMemory
PID:568

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
9⤵
PID:4272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/424-135-0x0000000000000000-mapping.dmp

Download
memory/568-147-0x0000000000000000-mapping.dmp

Download
memory/1752-144-0x0000000000000000-mapping.dmp

Download
memory/2224-131-0x0000000000000000-mapping.dmp

Download
memory/3084-138-0x0000000000000000-mapping.dmp

Download
memory/3392-140-0x0000000000000000-mapping.dmp

Download
memory/3436-134-0x0000000000000000-mapping.dmp

Download
memory/3616-141-0x0000000000000000-mapping.dmp

Download
memory/3800-139-0x0000000000000000-mapping.dmp

Download
memory/4052-130-0x0000000000000000-mapping.dmp

Download
memory/4060-146-0x0000000000000000-mapping.dmp

Download
memory/4144-132-0x0000000000000000-mapping.dmp

Download
memory/4272-148-0x0000000000000000-mapping.dmp

Download
memory/4432-143-0x0000000000000000-mapping.dmp

Download
memory/4444-136-0x0000000000000000-mapping.dmp

Download
memory/4488-142-0x0000000000000000-mapping.dmp

Download
memory/4552-137-0x0000000000000000-mapping.dmp

Download
memory/4916-133-0x0000000000000000-mapping.dmp

Download
memory/4924-145-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing