f69f2ce39da69d5d4b8474b41356af4e173db5edfbaa46fb1acec472c8d6b4a0 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-06-2022 20:33

Sharing

Report Analysis Logs

General

Target

1644-57-0x0000000000180000-0x00000000001A2000-memory.dll
Size

136KB
MD5

7df4795eafb4023a825b4502d561c2e5
SHA1

f2ca94c57734d739619d03f4a93769f5368ac3e7
SHA256

f69f2ce39da69d5d4b8474b41356af4e173db5edfbaa46fb1acec472c8d6b4a0
SHA512

49123e8d4177165eee9cb367e0988e42f60e0b40dc8e0323d5187e899218a5c31093034aa820a178e41f99a9f509809ab0151d692e835a8077ca334d91dd860f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 904 wrote to memory of 1688	904	rundll32.exe	rundll32.exe
PID 904 wrote to memory of 1688	904	rundll32.exe	rundll32.exe
PID 904 wrote to memory of 1688	904	rundll32.exe	rundll32.exe
PID 904 wrote to memory of 1688	904	rundll32.exe	rundll32.exe
PID 904 wrote to memory of 1688	904	rundll32.exe	rundll32.exe
PID 904 wrote to memory of 1688	904	rundll32.exe	rundll32.exe
PID 904 wrote to memory of 1688	904	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1644-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1644-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1
2⤵
PID:1688

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1688-54-0x0000000000000000-mapping.dmp

Download
memory/1688-55-0x00000000751C1000-0x00000000751C3000-memory.dmp

Filesize
8KB

Download