3517f96280814abd51fc2c135f60134dc721bbb901568f36df92207c1c70fd6f | Triage

Analysis

max time kernel
39s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-07-2022 07:11

Sharing

Report Analysis Logs

General

Target

1216-57-0x0000000000290000-0x00000000002B2000-memory.dll
Size

136KB
MD5

a742c4d15d4ce685958524d18b6726c5
SHA1

91416f6e7dac083be3103aed1b96334a0d8925f6
SHA256

3517f96280814abd51fc2c135f60134dc721bbb901568f36df92207c1c70fd6f
SHA512

4f71f85d3a4a418052c6be9411b5d36e863c61180e26d314c239e92094d44baa5b8121c89f88524424316ab13f7f7119c7a2c1c4365710254cb2ec9008395b31

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 376 wrote to memory of 1668	376	rundll32.exe	rundll32.exe
PID 376 wrote to memory of 1668	376	rundll32.exe	rundll32.exe
PID 376 wrote to memory of 1668	376	rundll32.exe	rundll32.exe
PID 376 wrote to memory of 1668	376	rundll32.exe	rundll32.exe
PID 376 wrote to memory of 1668	376	rundll32.exe	rundll32.exe
PID 376 wrote to memory of 1668	376	rundll32.exe	rundll32.exe
PID 376 wrote to memory of 1668	376	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1216-57-0x0000000000290000-0x00000000002B2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:376

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1216-57-0x0000000000290000-0x00000000002B2000-memory.dll,#1
2⤵
PID:1668

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-54-0x0000000000000000-mapping.dmp

Download
memory/1668-55-0x00000000764C1000-0x00000000764C3000-memory.dmp

Filesize
8KB

Download