50d68a1b46f0ff39819073c387dd61d47f45965ebe1cdff323954d94692510e5 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-07-2022 11:37

Sharing

Report Analysis Logs

General

Target

f2930620f8d2059149b284d2a04990d8cbc6690f.dll
Size

3.6MB
MD5

741f7fd6af800ba69ccc3d4255da8ddd
SHA1

f2930620f8d2059149b284d2a04990d8cbc6690f
SHA256

50d68a1b46f0ff39819073c387dd61d47f45965ebe1cdff323954d94692510e5
SHA512

22a3da0fbc1ae353a80243083977e64eacd47458b984af6ae659444dfdc070ba728be8a4dd7f68f37bcb3ab1b260ea99b4b1492a21d12f0a125319f746b28059

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2930620f8d2059149b284d2a04990d8cbc6690f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2930620f8d2059149b284d2a04990d8cbc6690f.dll,#1
2⤵
PID:2016

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-54-0x0000000000000000-mapping.dmp

Download
memory/2016-55-0x0000000075BF1000-0x0000000075BF3000-memory.dmp

Filesize
8KB

Download
memory/2016-56-0x0000000074A60000-0x00000000753BC000-memory.dmp

Filesize
9.4MB

Download
memory/2016-57-0x0000000073930000-0x000000007428C000-memory.dmp

Filesize
9.4MB

Download
memory/2016-58-0x0000000073930000-0x000000007428C000-memory.dmp

Filesize
9.4MB

Download