e3cb924719451d3a3f5b1461e914844a496799f09ea32b9ad5f455b0ebf46b40 | Triage

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-07-2022 12:39

Sharing

Report Analysis Logs

General

Target

1700-56-0x0000000002150000-0x0000000002172000-memory.dll
Size

136KB
MD5

e77640a0b22d9e7d779cc017a1ea4163
SHA1

fc801a9856460675bd33c6168b05a76dee118195
SHA256

e3cb924719451d3a3f5b1461e914844a496799f09ea32b9ad5f455b0ebf46b40
SHA512

6205592b708a38a30973336ef4126c09491053f6cd864361abf2dae2bc0824f06df858dac0a734fd430c3b822e45db07f2a5a5c4b02ebe58ce1cf2cdd493b62e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 632 wrote to memory of 1628	632	rundll32.exe	rundll32.exe
PID 632 wrote to memory of 1628	632	rundll32.exe	rundll32.exe
PID 632 wrote to memory of 1628	632	rundll32.exe	rundll32.exe
PID 632 wrote to memory of 1628	632	rundll32.exe	rundll32.exe
PID 632 wrote to memory of 1628	632	rundll32.exe	rundll32.exe
PID 632 wrote to memory of 1628	632	rundll32.exe	rundll32.exe
PID 632 wrote to memory of 1628	632	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1700-56-0x0000000002150000-0x0000000002172000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:632

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1700-56-0x0000000002150000-0x0000000002172000-memory.dll,#1
2⤵
PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1628-54-0x0000000000000000-mapping.dmp

Download
memory/1628-55-0x0000000075391000-0x0000000075393000-memory.dmp

Filesize
8KB

Download