62cac929ebf22f267a35629ff6ee5e559eebcc33041d0bfd971d85109056125c | Triage

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-07-2022 08:04

Sharing

Report Analysis Logs

General

Target

1764-57-0x0000000000260000-0x0000000000282000-memory.dll
Size

136KB
MD5

525119a368b99a9120a51d790bc1ec7d
SHA1

ee5a89fac6aa9b82709df6dbfb9be584295f4f37
SHA256

62cac929ebf22f267a35629ff6ee5e559eebcc33041d0bfd971d85109056125c
SHA512

35606c62409e660e222539fdb5c0a35fbff766a4d651de661ba2b60e57ada4908113d5ca3888f49a0f80acdbde326b9b0065ba8ab77b689fcd6b2c14c34b05cc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1260 wrote to memory of 1908	1260	rundll32.exe	rundll32.exe
PID 1260 wrote to memory of 1908	1260	rundll32.exe	rundll32.exe
PID 1260 wrote to memory of 1908	1260	rundll32.exe	rundll32.exe
PID 1260 wrote to memory of 1908	1260	rundll32.exe	rundll32.exe
PID 1260 wrote to memory of 1908	1260	rundll32.exe	rundll32.exe
PID 1260 wrote to memory of 1908	1260	rundll32.exe	rundll32.exe
PID 1260 wrote to memory of 1908	1260	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
2⤵
PID:1908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1908-54-0x0000000000000000-mapping.dmp

Download
memory/1908-55-0x0000000075CE1000-0x0000000075CE3000-memory.dmp

Filesize
8KB

Download