c19237b89e111f85b83fee7db2778a108d2c803c91dd869f757eb5bf8b9bd453 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-07-2022 10:15

Sharing

Report Analysis Logs

General

Target

676-57-0x00000000001C0000-0x00000000001E2000-memory.dll
Size

136KB
MD5

51f4d7baff52973ba4c06c763a957646
SHA1

2edbc323589863be7a9179e4a7ae9e69443e6c31
SHA256

c19237b89e111f85b83fee7db2778a108d2c803c91dd869f757eb5bf8b9bd453
SHA512

15792e55ce5e2f8764c3d34d9d42f4ef5db96c4ed6ceda7bb282a0dc38affe4171381158f4b71ebe992dcbf4da1de1b9abb1b23f70fb6b918b6ee203263e4f20

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\676-57-0x00000000001C0000-0x00000000001E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\676-57-0x00000000001C0000-0x00000000001E2000-memory.dll,#1
2⤵
PID:1084

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1084-54-0x0000000000000000-mapping.dmp

Download
memory/1084-55-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

Filesize
8KB

Download