7bad50b94eb8142e6ba3b68116f0d3f185582e1e2661085040c37b0f21dc6a85 | Triage

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12-07-2022 07:03

Sharing

Report Analysis Logs

General

Target

7bad50b94eb8142e6ba3b68116f0d3f185582e1e2661085040c37b0f21dc6a85.dll
Size

686KB
MD5

03b4779695d01b1d9e2178a4b2308418
SHA1

bb673af6c22c1712670477c20b35127c76d141e2
SHA256

7bad50b94eb8142e6ba3b68116f0d3f185582e1e2661085040c37b0f21dc6a85
SHA512

02303e4f88d3156176ef762c31329e2bd34234be7ef1fab857f37a0f623fc590e579826d3513d64b07926c5e55bacb3b888354fc2a9c66a7e00f4f921576a48b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4476 wrote to memory of 2156	4476	rundll32.exe	rundll32.exe
PID 4476 wrote to memory of 2156	4476	rundll32.exe	rundll32.exe
PID 4476 wrote to memory of 2156	4476	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bad50b94eb8142e6ba3b68116f0d3f185582e1e2661085040c37b0f21dc6a85.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4476

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bad50b94eb8142e6ba3b68116f0d3f185582e1e2661085040c37b0f21dc6a85.dll,#1
2⤵
PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2156-130-0x0000000000000000-mapping.dmp

Download
memory/2156-131-0x0000000000A00000-0x0000000000AAE000-memory.dmp

Filesize
696KB

Download