c1a4d4cf7ec9cc1f2455eb27d2fc6842ea9a53eb4a9b86272ee0fad65cfa1708 | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
27-06-2022 11:03

Sharing

Report Analysis Logs

General

Target

1492-57-0x0000000000430000-0x0000000000452000-memory.dll
Size

136KB
MD5

b64ac6b5c5047ff2ef231e9dcc7e788e
SHA1

8c322f6bd81b0b69ae9aaa488226f1d64ba8a05f
SHA256

c1a4d4cf7ec9cc1f2455eb27d2fc6842ea9a53eb4a9b86272ee0fad65cfa1708
SHA512

c7ec47bfa367f25bfc83ed8e0951d375d1006570b8bdefe9895b6c1d75f6795086a6aefe67f233d053cfcf7264e539e3c5eaa345ed7bd4442f3881b1ce9c761e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 892 wrote to memory of 2020	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 2020	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 2020	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 2020	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 2020	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 2020	892	rundll32.exe	rundll32.exe
PID 892 wrote to memory of 2020	892	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1492-57-0x0000000000430000-0x0000000000452000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:892

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1492-57-0x0000000000430000-0x0000000000452000-memory.dll,#1
2⤵
PID:2020

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-54-0x0000000000000000-mapping.dmp

Download
memory/2020-55-0x0000000075441000-0x0000000075443000-memory.dmp

Filesize
8KB

Download