159dc669510556c2fe0394083744684e7ddf1a2eb2e630857ed4444792a51e47 | Triage

Analysis

max time kernel
35s
max time network
38s
platform
windows7_x64
resource
win7-20220414-en
submitted
27-06-2022 11:37

Sharing

Report Analysis Logs

General

Target

360-57-0x0000000000890000-0x00000000008B2000-memory.dll
Size

136KB
MD5

3b39136891ad5f70286d1bfb7dfd7d73
SHA1

e17893140c2328fb91f84989ca4152d568181ec5
SHA256

159dc669510556c2fe0394083744684e7ddf1a2eb2e630857ed4444792a51e47
SHA512

42b5915dc5404d601ecdf7278e1caf1938e1fce4a61cb496317a8c9756cf43b0cf179ef977aa522b9d9ecf17437b2a1b45d13c424ede0be2ea50c86aae02845b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 240 wrote to memory of 560	240	rundll32.exe	rundll32.exe
PID 240 wrote to memory of 560	240	rundll32.exe	rundll32.exe
PID 240 wrote to memory of 560	240	rundll32.exe	rundll32.exe
PID 240 wrote to memory of 560	240	rundll32.exe	rundll32.exe
PID 240 wrote to memory of 560	240	rundll32.exe	rundll32.exe
PID 240 wrote to memory of 560	240	rundll32.exe	rundll32.exe
PID 240 wrote to memory of 560	240	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\360-57-0x0000000000890000-0x00000000008B2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:240

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\360-57-0x0000000000890000-0x00000000008B2000-memory.dll,#1
2⤵
PID:560

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/560-54-0x0000000000000000-mapping.dmp

Download
memory/560-55-0x00000000757C1000-0x00000000757C3000-memory.dmp

Filesize
8KB

Download