ac73a762b35d454d5d3daeb561f23efef7089afd7ff02fd82dc30964f2d34276 | Triage

Analysis

max time kernel
167s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12-07-2022 08:00

Sharing

Report Analysis Logs

General

Target

1612-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Size

136KB
MD5

6f725ed8394dbeeca88aeab703bc3ac3
SHA1

08aa318756a22e4d68404ce3a26fe4caf49d240c
SHA256

ac73a762b35d454d5d3daeb561f23efef7089afd7ff02fd82dc30964f2d34276
SHA512

660b8acf8ef4dc79c7b92ec31e95247625d9f855cd96041f8456018c762d064243a00c002f00a440d0cc1cd16c7f71e7c81e5b07eedff75c1f4e55cb64cd2667

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

rundll32.exerundll32.exerundll32.exerundll32.exerundll32.exe

description	pid	process	target process
PID 1052 wrote to memory of 2648	1052	rundll32.exe	rundll32.exe
PID 1052 wrote to memory of 2648	1052	rundll32.exe	rundll32.exe
PID 1052 wrote to memory of 2648	1052	rundll32.exe	rundll32.exe
PID 2648 wrote to memory of 1900	2648	rundll32.exe	rundll32.exe
PID 2648 wrote to memory of 1900	2648	rundll32.exe	rundll32.exe
PID 2648 wrote to memory of 1900	2648	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 2424	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 2424	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 2424	1900	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 3540	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 3540	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 3540	2424	rundll32.exe	rundll32.exe
PID 3540 wrote to memory of 3152	3540	rundll32.exe	rundll32.exe
PID 3540 wrote to memory of 3152	3540	rundll32.exe	rundll32.exe
PID 3540 wrote to memory of 3152	3540	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1612-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1052

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1612-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2648

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1612-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
3⤵
- Suspicious use of WriteProcessMemory
PID:1900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1612-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
4⤵
- Suspicious use of WriteProcessMemory
PID:2424

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1612-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
5⤵
- Suspicious use of WriteProcessMemory
PID:3540

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1612-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
6⤵
PID:3152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1900-131-0x0000000000000000-mapping.dmp

Download
memory/2424-132-0x0000000000000000-mapping.dmp

Download
memory/2648-130-0x0000000000000000-mapping.dmp

Download
memory/3152-134-0x0000000000000000-mapping.dmp

Download
memory/3540-133-0x0000000000000000-mapping.dmp

Download