d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431 | Triage

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 04:50

Sharing

Report Analysis Logs

General

Target

d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431.dll
Size

207KB
MD5

600e7e558ee854b88c82fb7b065ad34b
SHA1

9b665aaadabc714a06bab604363631550992a9e6
SHA256

d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431
SHA512

f3021e124ddf62c48a64cb948cc865bf19bd1afbd643b5af5bbef341e21b4b84e5c6d624d2f0f043b00014d26cf94b88b370bbfc7e232a2667d8d3e52063ee4c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 664 wrote to memory of 1908	664	rundll32.exe	rundll32.exe
PID 664 wrote to memory of 1908	664	rundll32.exe	rundll32.exe
PID 664 wrote to memory of 1908	664	rundll32.exe	rundll32.exe
PID 664 wrote to memory of 1908	664	rundll32.exe	rundll32.exe
PID 664 wrote to memory of 1908	664	rundll32.exe	rundll32.exe
PID 664 wrote to memory of 1908	664	rundll32.exe	rundll32.exe
PID 664 wrote to memory of 1908	664	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:664

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431.dll,#1
2⤵
PID:1908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1908-54-0x0000000000000000-mapping.dmp

Download
memory/1908-55-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

Filesize
8KB

Download