6aa99d7028be2b553c132e478b59eeb082f17f9711087438dc3fac04b863e33a | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
27-06-2022 11:21

Sharing

Report Analysis Logs

General

Target

916-57-0x0000000000670000-0x0000000000692000-memory.dll
Size

136KB
MD5

94c7ebb9b4ebed7a8c8ab98f486bddbc
SHA1

4423d134e506c9041029f21389dc88f8c37c980b
SHA256

6aa99d7028be2b553c132e478b59eeb082f17f9711087438dc3fac04b863e33a
SHA512

0028bd14d6eb5e5cf96a6a2c7a06d682faaa1fd23fb11f681461bcbbf70194ffd3d2894c8abfcee2c0c79557911e7fa0cb40ca0cdd7f001234023f8d454f0514

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe
PID 1092 wrote to memory of 1984	1092	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\916-57-0x0000000000670000-0x0000000000692000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1092

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\916-57-0x0000000000670000-0x0000000000692000-memory.dll,#1
2⤵
PID:1984

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1984-54-0x0000000000000000-mapping.dmp

Download
memory/1984-55-0x0000000076571000-0x0000000076573000-memory.dmp

Filesize
8KB

Download