e54a87583c57c34ddd3f46d7d8796dc61365ee8f7c242f7e6ee6931fddc52af1 | Triage

Analysis

max time kernel
52s
max time network
181s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-06-2022 19:49

Sharing

Report Analysis Logs

General

Target

e54a87583c57c34ddd3f46d7d8796dc61365ee8f7c242f7e6ee6931fddc52af1.dll
Size

426KB
MD5

6a83f1cca9dfa139275aa875aca00e7e
SHA1

78a1a9a3e6d8eb8ae67b898e0ec7acb4b207250d
SHA256

e54a87583c57c34ddd3f46d7d8796dc61365ee8f7c242f7e6ee6931fddc52af1
SHA512

4319dee68e89534898776c5d87bdcff899784307f647f950d5d7570745b9e29455fe64810d6967dd6384bd8d9000bf5144004ce68568585c69142efcd0f4d65e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

1688 rundll32.exe
1688 rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1680 wrote to memory of 1688	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1688	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1688	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1688	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1688	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1688	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1688	1680	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e54a87583c57c34ddd3f46d7d8796dc61365ee8f7c242f7e6ee6931fddc52af1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e54a87583c57c34ddd3f46d7d8796dc61365ee8f7c242f7e6ee6931fddc52af1.dll,#1
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1688-55-0x0000000075761000-0x0000000075763000-memory.dmp

Filesize
8KB

Download
memory/1688-54-0x0000000000000000-mapping.dmp

Download
memory/1688-56-0x00000000003A0000-0x00000000003C0000-memory.dmp

Filesize
128KB

Download