a49cfd03e995deb4705893c331d37acb39b86dc8d2c31d48d5b853aa60308640 | Triage

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220414-en
submitted
13-07-2022 16:46

Sharing

Report Analysis Logs

General

Target

996-81-0x00000000030A0000-0x0000000003AFD000-memory.dll
Size

10.4MB
MD5

fdb9e473e53c4a87685c79e25b32d204
SHA1

0877433fad372755bacc5574e65d682b570be5e4
SHA256

a49cfd03e995deb4705893c331d37acb39b86dc8d2c31d48d5b853aa60308640
SHA512

575d5b54e47ccbc577aae050038a4c0a354f56ccc9e3d16631a898e9d68654ae0d3489a62edd2fa1853d943a3932808e86a5941350f96365fbdbb34b5d10d283

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1932 wrote to memory of 1944	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 1944	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 1944	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 1944	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 1944	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 1944	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 1944	1932	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\996-81-0x00000000030A0000-0x0000000003AFD000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\996-81-0x00000000030A0000-0x0000000003AFD000-memory.dll,#1
2⤵
PID:1944

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-54-0x0000000000000000-mapping.dmp

Download
memory/1944-55-0x00000000757C1000-0x00000000757C3000-memory.dmp

Filesize
8KB

Download