568219c9dfd3a01bb651d4220c799fd3b34958cb79dd52f0696b57b7e1b1a217 | Triage

Analysis

max time kernel
39s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
26-06-2022 21:28

Sharing

Report Analysis Logs

General

Target

1944-56-0x00000000002C0000-0x00000000002E2000-memory.dll
Size

136KB
MD5

e1520038a485684bf12d2517f54600d3
SHA1

0d60df84b27db70671b864ffb21f33cfe235a950
SHA256

568219c9dfd3a01bb651d4220c799fd3b34958cb79dd52f0696b57b7e1b1a217
SHA512

91a62eba1b082a56ee4846272bdf245eeddbcfdaa7172fe44498da82a05069fff3d8b77c5171769050ec33373ae9fb6c353ddc40827eb41791f660ae9cc4e76c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1884 wrote to memory of 240	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 240	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 240	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 240	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 240	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 240	1884	rundll32.exe	rundll32.exe
PID 1884 wrote to memory of 240	1884	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-56-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1884

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-56-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
2⤵
PID:240

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/240-54-0x0000000000000000-mapping.dmp

Download
memory/240-55-0x0000000075191000-0x0000000075193000-memory.dmp

Filesize
8KB

Download