bd82aa584ad15277fc01dfc6db6b89888d37e7bbbea70046b92bd57c96b3d55d | Triage

Analysis

max time kernel
39s
max time network
50s
platform
windows7_x64
resource
win7-20220414-en
submitted
14-07-2022 09:47

Sharing

Report Analysis Logs

General

Target

b4736b94230d53ab0aa384868b7b00fa07427e18b9e8171f7b48c46ef2481c58.dll
Size

1.3MB
MD5

3d46ae39af71d06bb8644da007259e3b
SHA1

080651a843b1d941e6d70771ed6531c727a4f2a7
SHA256

bd82aa584ad15277fc01dfc6db6b89888d37e7bbbea70046b92bd57c96b3d55d
SHA512

819c880dc841108b05eca4d2ddcee54745bcc7df2cc6ad4645fe29f66459af375fb1bab7fdf83bd901dc191936bfed30171a2d061445d94299c7c6962bfb3405

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1324 wrote to memory of 2024	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 2024	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 2024	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 2024	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 2024	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 2024	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 2024	1324	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4736b94230d53ab0aa384868b7b00fa07427e18b9e8171f7b48c46ef2481c58.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4736b94230d53ab0aa384868b7b00fa07427e18b9e8171f7b48c46ef2481c58.dll,#1
2⤵
PID:2024

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-54-0x0000000000000000-mapping.dmp

Download
memory/2024-55-0x0000000075801000-0x0000000075803000-memory.dmp

Filesize
8KB

Download