ac73a762b35d454d5d3daeb561f23efef7089afd7ff02fd82dc30964f2d34276 | Triage

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-07-2022 08:00

Sharing

Report Analysis Logs

General

Target

1612-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Size

136KB
MD5

6f725ed8394dbeeca88aeab703bc3ac3
SHA1

08aa318756a22e4d68404ce3a26fe4caf49d240c
SHA256

ac73a762b35d454d5d3daeb561f23efef7089afd7ff02fd82dc30964f2d34276
SHA512

660b8acf8ef4dc79c7b92ec31e95247625d9f855cd96041f8456018c762d064243a00c002f00a440d0cc1cd16c7f71e7c81e5b07eedff75c1f4e55cb64cd2667

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 548 wrote to memory of 748	548	rundll32.exe	rundll32.exe
PID 548 wrote to memory of 748	548	rundll32.exe	rundll32.exe
PID 548 wrote to memory of 748	548	rundll32.exe	rundll32.exe
PID 548 wrote to memory of 748	548	rundll32.exe	rundll32.exe
PID 548 wrote to memory of 748	548	rundll32.exe	rundll32.exe
PID 548 wrote to memory of 748	548	rundll32.exe	rundll32.exe
PID 548 wrote to memory of 748	548	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1612-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:548

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1612-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
2⤵
PID:748

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/748-54-0x0000000000000000-mapping.dmp

Download
memory/748-55-0x0000000075D21000-0x0000000075D23000-memory.dmp

Filesize
8KB

Download