983ab29803b4e82654a114965e36f78fdd37f05fe91b493231a4b943241d1de8 | Triage

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-06-2022 20:36

Sharing

Report Analysis Logs

General

Target

1796-57-0x00000000001F0000-0x0000000000212000-memory.dll
Size

136KB
MD5

35e96e99303783ff5307056772b0ade3
SHA1

79806b14df66b5b7ebd503b9e8af6864b559c443
SHA256

983ab29803b4e82654a114965e36f78fdd37f05fe91b493231a4b943241d1de8
SHA512

444476c54ef44fd9943275b42f69d5914dfcd73ec0bf117e7c969f9576621c4f1750982caac09323ae381b01e032e1ab20d8c9b9ac971f016b7ef8e97052bb03

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1400 wrote to memory of 1388	1400	rundll32.exe	rundll32.exe
PID 1400 wrote to memory of 1388	1400	rundll32.exe	rundll32.exe
PID 1400 wrote to memory of 1388	1400	rundll32.exe	rundll32.exe
PID 1400 wrote to memory of 1388	1400	rundll32.exe	rundll32.exe
PID 1400 wrote to memory of 1388	1400	rundll32.exe	rundll32.exe
PID 1400 wrote to memory of 1388	1400	rundll32.exe	rundll32.exe
PID 1400 wrote to memory of 1388	1400	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1796-57-0x00000000001F0000-0x0000000000212000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1400

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1796-57-0x00000000001F0000-0x0000000000212000-memory.dll,#1
2⤵
PID:1388

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1388-54-0x0000000000000000-mapping.dmp

Download
memory/1388-55-0x0000000075E41000-0x0000000075E43000-memory.dmp

Filesize
8KB

Download