1dad7675ae0b3b9712ebcb8fe61d41c70e5d4bb46655d52240ccbf36c2d0971f | Triage

Analysis

max time kernel
23s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-07-2022 06:50

Sharing

Report Analysis Logs

General

Target

akbniwuioi.dll
Size

2.5MB
MD5

c4bc5cbc77dccd0f4fadb20a0f17f1d0
SHA1

ae4a62f168d9d4c89330f92beec60729fd029b06
SHA256

1dad7675ae0b3b9712ebcb8fe61d41c70e5d4bb46655d52240ccbf36c2d0971f
SHA512

939cc0c36293c519cd2fae3dab812b0484ab77389da15062298a4cbd0c3fc8274cf90d171cc578ae67382d0bc34f0dd9947729955d981c8a322e5501c9ac1132

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1656 wrote to memory of 1948	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 1948	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 1948	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 1948	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 1948	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 1948	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 1948	1656	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\akbniwuioi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\akbniwuioi.dll,#1
2⤵
PID:1948

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1948-54-0x0000000000000000-mapping.dmp

Download
memory/1948-55-0x0000000075781000-0x0000000075783000-memory.dmp

Filesize
8KB

Download