ffc7b7eee99f5d70375bab96f19cce710513faf23f7e3b53eb3aa78a195a172a | Triage

Analysis

max time kernel
93s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
11-07-2022 20:52

Sharing

Report Analysis Logs

General

Target

1884-57-0x0000000000330000-0x0000000000352000-memory.dll
Size

136KB
MD5

08a03d4d271496fe89557c0f0eda4b00
SHA1

de3f75e4857c39a1dca990b198ff08eabaeda274
SHA256

ffc7b7eee99f5d70375bab96f19cce710513faf23f7e3b53eb3aa78a195a172a
SHA512

c34a5d0ea614071f9c3b1ea0075d7e05fbfaf44c00b5c9c48416eb3f285ab4ac98074a2eee45b6211821a09a85599b251c8007ccc3beb6aa744f836d1208e0b3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 432 wrote to memory of 4000	432	rundll32.exe	rundll32.exe
PID 432 wrote to memory of 4000	432	rundll32.exe	rundll32.exe
PID 432 wrote to memory of 4000	432	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#1
2⤵
PID:4000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4000-130-0x0000000000000000-mapping.dmp

Download