8de5cba541edd74b188e8689fcb2282f6f2b01db88021de7c66a0c416ebb76ba | Triage

Analysis

max time kernel
44s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-06-2022 18:45

Sharing

Report Analysis Logs

General

Target

624-57-0x0000000000290000-0x00000000002B2000-memory.dll
Size

136KB
MD5

a2e5b6f6fc7d63b2e629718834494b95
SHA1

fc6d2bfda1d3630b8520aa4fcf85711b009f0674
SHA256

8de5cba541edd74b188e8689fcb2282f6f2b01db88021de7c66a0c416ebb76ba
SHA512

b53d066b35bf356ae2393d039df9536853b53279eca18c339a41d4cd8852e31ca6e0da0f87690953c576f9c73349da0612e400565bc5483f6a15177831eabb0b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1452 wrote to memory of 1668	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1668	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1668	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1668	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1668	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1668	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1668	1452	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\624-57-0x0000000000290000-0x00000000002B2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1452

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\624-57-0x0000000000290000-0x00000000002B2000-memory.dll,#1
2⤵
PID:1668

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-54-0x0000000000000000-mapping.dmp

Download
memory/1668-55-0x0000000075EF1000-0x0000000075EF3000-memory.dmp

Filesize
8KB

Download