56dc80ff83ec01da2e910f24d073918816a692e9a656fd585052044a86fd8bca | Triage

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-07-2022 10:41

Sharing

Report Analysis Logs

General

Target

1084-57-0x0000000000190000-0x00000000001B2000-memory.dll
Size

136KB
MD5

e35ea41cf9c57d4ba206df1a218eda76
SHA1

a720e62567bc76a14256c87671670d6c08f8ecce
SHA256

56dc80ff83ec01da2e910f24d073918816a692e9a656fd585052044a86fd8bca
SHA512

5a43d02fc0e4c94a3bf1bb02b2f56e1b0d8902d486c35b567578830f03f5cfbcbb01b43a35ba4b85d6ec60d90a2a8f706269a038cd8f6242ac5441da826b865f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1860 wrote to memory of 1276	1860	rundll32.exe	rundll32.exe
PID 1860 wrote to memory of 1276	1860	rundll32.exe	rundll32.exe
PID 1860 wrote to memory of 1276	1860	rundll32.exe	rundll32.exe
PID 1860 wrote to memory of 1276	1860	rundll32.exe	rundll32.exe
PID 1860 wrote to memory of 1276	1860	rundll32.exe	rundll32.exe
PID 1860 wrote to memory of 1276	1860	rundll32.exe	rundll32.exe
PID 1860 wrote to memory of 1276	1860	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1084-57-0x0000000000190000-0x00000000001B2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1860

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1084-57-0x0000000000190000-0x00000000001B2000-memory.dll,#1
2⤵
PID:1276

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1276-54-0x0000000000000000-mapping.dmp

Download
memory/1276-55-0x0000000075E41000-0x0000000075E43000-memory.dmp

Filesize
8KB

Download