5228300b603ba8166b0fb14ed7e8fd7ab68a65a5cbed6605c90bed847282cfa5 | Triage

Analysis

max time kernel
55s
max time network
133s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-06-2022 19:44

Sharing

Report Analysis Logs

General

Target

5228300b603ba8166b0fb14ed7e8fd7ab68a65a5cbed6605c90bed847282cfa5.dll
Size

426KB
MD5

42d2007c5c5a63e665e7e7afbb5c7f51
SHA1

d7bb0678ec9c47eefaf1ad2cd6c5851df8496ecb
SHA256

5228300b603ba8166b0fb14ed7e8fd7ab68a65a5cbed6605c90bed847282cfa5
SHA512

3e61c15c77bc62e60cd91c0d0cb9bc054c3dad7728047e9ad25b5bedb51ea00af5f07d7f08007b997e67161092b56c0c6b40feaed0419f8d2187e20839055fe9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

1652 rundll32.exe
1652 rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1960 wrote to memory of 1652	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1652	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1652	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1652	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1652	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1652	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1652	1960	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5228300b603ba8166b0fb14ed7e8fd7ab68a65a5cbed6605c90bed847282cfa5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5228300b603ba8166b0fb14ed7e8fd7ab68a65a5cbed6605c90bed847282cfa5.dll,#1
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1652-55-0x0000000075721000-0x0000000075723000-memory.dmp

Filesize
8KB

Download
memory/1652-54-0x0000000000000000-mapping.dmp

Download
memory/1652-56-0x00000000001C0000-0x00000000001E0000-memory.dmp

Filesize
128KB

Download