84eda1c70305436d1f9567e274b95f6f3a22e0c9dfbb1b70b8a97febf9bb5d18 | Triage

Analysis

max time kernel
30s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 02:20

Sharing

Report Analysis Logs

General

Target

files/spreaderA.dll
Size

119KB
MD5

58d71fff346017cf8311120c69c9946a
SHA1

6b5958bfabfe7c731193adb96880b225c8505b73
SHA256

2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b
SHA512

315cc419f6ec600a345447b0f49e3de9f13c1e96d9bbc272f982204b1c7ec71cb3805f5ff7821da3e7944e327c22e5eba6f3c94b08c66b6e241395e1ea133ed1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 876 wrote to memory of 1744	876	rundll32.exe	24
PID 876 wrote to memory of 1744	876	rundll32.exe	24
PID 876 wrote to memory of 1744	876	rundll32.exe	24
PID 876 wrote to memory of 1744	876	rundll32.exe	24
PID 876 wrote to memory of 1744	876	rundll32.exe	24
PID 876 wrote to memory of 1744	876	rundll32.exe	24
PID 876 wrote to memory of 1744	876	rundll32.exe	24

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\files\spreaderA.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\files\spreaderA.dll,#1
  2⤵
  PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-54-0x0000000000000000-mapping.dmp

Download
memory/1744-55-0x0000000076451000-0x0000000076453000-memory.dmp

Filesize
8KB

Download