1ce7c87d8dc79ace14eb2a1be829f2d3b321b70717f723a61998ab3b9112eec8 | Triage

Analysis

max time kernel
91s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
resource tags

arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2022 23:35

Sharing

Report Analysis Logs

General

Target

main.dll
Size

777KB
MD5

926382093a313282f4a1639944f3fb0c
SHA1

851380d94deeb031aad806795d760f3982399850
SHA256

1ce7c87d8dc79ace14eb2a1be829f2d3b321b70717f723a61998ab3b9112eec8
SHA512

f315d01e8475c4bc73a9c2e18c17c462b826dec66d9900534f0ccddd08f782642828fe1c2b3a04049f82c38f24cd48f419c7d1c91200ca1de32f27642ac145d3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2140 wrote to memory of 2224	2140	rundll32.exe	rundll32.exe
PID 2140 wrote to memory of 2224	2140	rundll32.exe	rundll32.exe
PID 2140 wrote to memory of 2224	2140	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\main.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\main.dll,#1
  2⤵
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2224-130-0x0000000000000000-mapping.dmp

Download
memory/2224-131-0x0000000000600000-0x00000000006C6000-memory.dmp

Filesize
792KB

Download