41b863c5b7e4cfad70fe4c82c41791d57d9004378a03fc710c01f678c2ff7a74 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
resource tags

arch:x64arch:x86image:win7-20220414-enlocale:en-usos:windows7-x64system
submitted
15-07-2022 23:46

Sharing

Report Analysis Logs

General

Target

1204-57-0x0000000000980000-0x00000000009A2000-memory.dll
Size

136KB
MD5

217172a75efc553df8b3bac2e1c87f4d
SHA1

4e988f872f6be5eddf03028069eafb7bbbc71370
SHA256

41b863c5b7e4cfad70fe4c82c41791d57d9004378a03fc710c01f678c2ff7a74
SHA512

9c6317e772e7c01c66dcf74d758e822927a83927f00aabd7c74249c3727f7593e2b69137d9a55d53291eb1a6555e6192528c801e7c59339cc28f5b3734dd9145

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1920 wrote to memory of 1912	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 1912	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 1912	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 1912	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 1912	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 1912	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 1912	1920	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1204-57-0x0000000000980000-0x00000000009A2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1920

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1204-57-0x0000000000980000-0x00000000009A2000-memory.dll,#1
2⤵
PID:1912

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1912-54-0x0000000000000000-mapping.dmp

Download
memory/1912-55-0x0000000075F61000-0x0000000075F63000-memory.dmp

Filesize
8KB

Download