c992296a35528b12b39052e8dedc74d42c6d96e5e63c0ac0ad9a5545ce4e8d7e | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
14-07-2022 21:45

Sharing

Report Analysis Logs

General

Target

7533.dll
Size

663KB
MD5

a8c071f4d69627f581fa15495218bff7
SHA1

25beb06d731192ea20bc7eb0c81ae952f2a0bd33
SHA256

c992296a35528b12b39052e8dedc74d42c6d96e5e63c0ac0ad9a5545ce4e8d7e
SHA512

6c033032c3d1747f1afd20e584f6e507bce655b86f096d05805b200c005e64dac76a9fcd4b4151c5cb332092272e95e9a1b6273ca86a537b8ae798fdde735f18

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3888 wrote to memory of 816	3888	rundll32.exe	rundll32.exe
PID 3888 wrote to memory of 816	3888	rundll32.exe	rundll32.exe
PID 3888 wrote to memory of 816	3888	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7533.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7533.dll,#1
  2⤵
  PID:816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/816-130-0x0000000000000000-mapping.dmp

Download