3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a | Triage

Analysis

max time kernel
31s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 16:17

Sharing

Report Analysis Logs

General

Target

3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll
Size

207KB
MD5

b6c818d69ff341e4bb49e5fc84ce1430
SHA1

f9f6e346bfd22be381fdbbeec16a0a99343072f3
SHA256

3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a
SHA512

f7a1cdbfe76fdaa9e008077e8e5a873e7b444effcadfee8c491948c62b437ffac008c545f3327b4624ba5aa12e97cea231c4f9b09827194dbab20a3b6aba714c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1496 wrote to memory of 964	1496	rundll32.exe	rundll32.exe
PID 1496 wrote to memory of 964	1496	rundll32.exe	rundll32.exe
PID 1496 wrote to memory of 964	1496	rundll32.exe	rundll32.exe
PID 1496 wrote to memory of 964	1496	rundll32.exe	rundll32.exe
PID 1496 wrote to memory of 964	1496	rundll32.exe	rundll32.exe
PID 1496 wrote to memory of 964	1496	rundll32.exe	rundll32.exe
PID 1496 wrote to memory of 964	1496	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1496

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll,#1
2⤵
PID:964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x0000000000000000-mapping.dmp

Download
memory/964-55-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download