4bc9ce262d95d9cfa04bc02a600b194e817def7b9b917e523509147fea730336 | Triage

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220414-en
submitted
14-07-2022 21:59

Sharing

Report Analysis Logs

General

Target

1896-57-0x00000000002F0000-0x0000000000312000-memory.dll
Size

136KB
MD5

4d9d7d7e94fdefa89735676ebe3bd607
SHA1

a4b6b465f8e78c5db094361d0c11d4bfb375f835
SHA256

4bc9ce262d95d9cfa04bc02a600b194e817def7b9b917e523509147fea730336
SHA512

9504b7c495276a1ad056ee1b0e950325635f2180c98b03f4cd79352eee03bda9162b60186b5e61d853d79e7bd76049c7b5b36007962ee16d453cf5d8402ac370

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2032 wrote to memory of 896	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 896	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 896	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 896	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 896	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 896	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 896	2032	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1896-57-0x00000000002F0000-0x0000000000312000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1896-57-0x00000000002F0000-0x0000000000312000-memory.dll,#1
2⤵
PID:896

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/896-54-0x0000000000000000-mapping.dmp

Download
memory/896-55-0x0000000075221000-0x0000000075223000-memory.dmp

Filesize
8KB

Download