8d4b0fdf101030cec6c4b04787ced67bcb120b5734e4d18e9c35680114b08fc3 | Triage

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-07-2022 18:56

Sharing

Report Analysis Logs

General

Target

624-57-0x0000000000840000-0x0000000000862000-memory.dll
Size

136KB
MD5

76f85f5507aa4445f4b415200ade03e7
SHA1

7db353146d7b61ab61f05bc5a72909c07722e759
SHA256

8d4b0fdf101030cec6c4b04787ced67bcb120b5734e4d18e9c35680114b08fc3
SHA512

e657af9e0214918efc351a6135121b15f513ec7f277643e7255470095b40069359cd12c61a3f62df922d23ce34d3a077188116d99b8cf840909bcea42c409c18

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1468 wrote to memory of 1668	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1668	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1668	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1668	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1668	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1668	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1668	1468	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\624-57-0x0000000000840000-0x0000000000862000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1468

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\624-57-0x0000000000840000-0x0000000000862000-memory.dll,#1
2⤵
PID:1668

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-54-0x0000000000000000-mapping.dmp

Download
memory/1668-55-0x0000000075371000-0x0000000075373000-memory.dmp

Filesize
8KB

Download