41f0fe0c23cb0e551c5d76c138248378fb9070269b575194f5af65205e1668d8 | Triage

Analysis

max time kernel
145s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
14-07-2022 21:56

Sharing

Report Analysis Logs

General

Target

1668-57-0x0000000000390000-0x00000000003B2000-memory.dll
Size

136KB
MD5

ea2559812be3f16a882af20c0fbab41a
SHA1

a3ec58b288ee63d4a9da81eef60a3ee14f55131d
SHA256

41f0fe0c23cb0e551c5d76c138248378fb9070269b575194f5af65205e1668d8
SHA512

76d43c1108e74657583fd87344f10466b9b4caa68adc131a5cfd206c18daa6b4b11a5ba1e92745fc3d0f0b7cc4398a51ba5422b06e1a200e0d7e591d2c3ee5d6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 4348 wrote to memory of 4160	4348	rundll32.exe	rundll32.exe
PID 4348 wrote to memory of 4160	4348	rundll32.exe	rundll32.exe
PID 4348 wrote to memory of 4160	4348	rundll32.exe	rundll32.exe
PID 4160 wrote to memory of 4036	4160	rundll32.exe	rundll32.exe
PID 4160 wrote to memory of 4036	4160	rundll32.exe	rundll32.exe
PID 4160 wrote to memory of 4036	4160	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1668-57-0x0000000000390000-0x00000000003B2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4348

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1668-57-0x0000000000390000-0x00000000003B2000-memory.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:4160

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1668-57-0x0000000000390000-0x00000000003B2000-memory.dll,#1
3⤵
PID:4036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4036-131-0x0000000000000000-mapping.dmp

Download
memory/4160-130-0x0000000000000000-mapping.dmp

Download