c2748d0055603215490faebfa7006845be938b956d000ee4c464413e5f6e9125 | Triage

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
13-07-2022 17:15

Sharing

Report Analysis Logs

General

Target

2024-57-0x0000000000180000-0x00000000001A2000-memory.dll
Size

136KB
MD5

0b097358111b7de5196050a0c601ca15
SHA1

f47964bef29ed1ce35fc3751d127e57d12f83fd3
SHA256

c2748d0055603215490faebfa7006845be938b956d000ee4c464413e5f6e9125
SHA512

a1ef05ea174e5d75d4c216edb8ad7e59dd4e099755f2aa6d669412cd09591b1aef3955051e304506d0c18549f3a2d4fcff97247ae33a6fe2e40153134b8452a0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1036 wrote to memory of 908	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 908	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 908	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 908	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 908	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 908	1036	rundll32.exe	rundll32.exe
PID 1036 wrote to memory of 908	1036	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2024-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1036

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2024-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1
2⤵
PID:908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/908-54-0x0000000000000000-mapping.dmp

Download
memory/908-55-0x0000000075B61000-0x0000000075B63000-memory.dmp

Filesize
8KB

Download