5ac3756d50b54b6d386a489262f8bc5f3da0e09bc23c37918eb0d875039e1982 | Triage

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-07-2022 07:24

Sharing

Report Analysis Logs

General

Target

1600-57-0x0000000000920000-0x0000000000942000-memory.dll
Size

136KB
MD5

5ca15c93fea761432743a8dbba7b7109
SHA1

dc7f6daf2d078708b2a7dfec9d95a3fddb3c4198
SHA256

5ac3756d50b54b6d386a489262f8bc5f3da0e09bc23c37918eb0d875039e1982
SHA512

bf18660180156d3115b1ebbdeeeb53601414231951673b2903a21308e7da66ea5da1bc2f1f59f457ac312b8600ca9d869ec65800dd8cca31cf9312dfdd11a663

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1984 wrote to memory of 1524	1984	rundll32.exe	rundll32.exe
PID 1984 wrote to memory of 1524	1984	rundll32.exe	rundll32.exe
PID 1984 wrote to memory of 1524	1984	rundll32.exe	rundll32.exe
PID 1984 wrote to memory of 1524	1984	rundll32.exe	rundll32.exe
PID 1984 wrote to memory of 1524	1984	rundll32.exe	rundll32.exe
PID 1984 wrote to memory of 1524	1984	rundll32.exe	rundll32.exe
PID 1984 wrote to memory of 1524	1984	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1600-57-0x0000000000920000-0x0000000000942000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1984

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1600-57-0x0000000000920000-0x0000000000942000-memory.dll,#1
2⤵
PID:1524

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1524-54-0x0000000000000000-mapping.dmp

Download
memory/1524-55-0x00000000756E1000-0x00000000756E3000-memory.dmp

Filesize
8KB

Download