9b2256e08c5dbe8ac10be269181b70ef8b341fd4da87d9c3fb2c239a1f33b6ce | Triage

Analysis

max time kernel
39s
max time network
42s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-07-2022 10:26

Sharing

Report Analysis Logs

General

Target

1836-57-0x00000000000C0000-0x00000000000E2000-memory.dll
Size

136KB
MD5

39b3f5c55706f38613a4680d4510afa9
SHA1

89942489e84742a286c61db849441336f531d612
SHA256

9b2256e08c5dbe8ac10be269181b70ef8b341fd4da87d9c3fb2c239a1f33b6ce
SHA512

0e940fdf28d42b87b1f25a0e60aebce30b55de8962ce4deb6eb20ab177d87cbca98f91c6095c144f5041ccacc2083106227239a0059fadab04f5d95284a7a574

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 560 wrote to memory of 1936	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 1936	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 1936	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 1936	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 1936	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 1936	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 1936	560	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1836-57-0x00000000000C0000-0x00000000000E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:560

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1836-57-0x00000000000C0000-0x00000000000E2000-memory.dll,#1
2⤵
PID:1936

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-54-0x0000000000000000-mapping.dmp

Download
memory/1936-55-0x00000000753E1000-0x00000000753E3000-memory.dmp

Filesize
8KB

Download