361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471 | Triage

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
26-06-2022 03:41

Sharing

Report Analysis Logs

General

Target

361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471.dll
Size

164KB
MD5

c65c1dbd1f8617ff2a9a6b75d9267d52
SHA1

c359fafb88f11a424b179997e6fe862870583f27
SHA256

361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471
SHA512

eb8eb52647e0b02b9174640049490864ff4188a44ed87eb08999bf550b2dc91db994c6704991e565869fa8d42af3863e8c8ee9e772a1513daf285226cc30b911

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1380 wrote to memory of 1672	1380	rundll32.exe	rundll32.exe
PID 1380 wrote to memory of 1672	1380	rundll32.exe	rundll32.exe
PID 1380 wrote to memory of 1672	1380	rundll32.exe	rundll32.exe
PID 1380 wrote to memory of 1672	1380	rundll32.exe	rundll32.exe
PID 1380 wrote to memory of 1672	1380	rundll32.exe	rundll32.exe
PID 1380 wrote to memory of 1672	1380	rundll32.exe	rundll32.exe
PID 1380 wrote to memory of 1672	1380	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1380

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471.dll,#1
2⤵
PID:1672

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1672-54-0x0000000000000000-mapping.dmp

Download
memory/1672-55-0x0000000075871000-0x0000000075873000-memory.dmp

Filesize
8KB

Download