8dddd81ab951446e4a4b471461d420e12ab9c29edff1f2a757084882587069a8 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
resource tags

arch:x64arch:x86image:win7-20220414-enlocale:en-usos:windows7-x64system
submitted
15-07-2022 14:50

Sharing

Report Analysis Logs

General

Target

960-57-0x0000000000340000-0x0000000000362000-memory.dll
Size

136KB
MD5

2cc04b6fb9cf01114abba4ceaaf1b85f
SHA1

3cecaa902a1e13c5cf58c269c1495f0a44d540fe
SHA256

8dddd81ab951446e4a4b471461d420e12ab9c29edff1f2a757084882587069a8
SHA512

f3373fb01591daab42b9866b306a69f6d6526c38c76f6a082ef0b33f35b9c5423fa9b130ca9b7e20079fd576d464d3e32e309018b1d04e751a8fcb7ad13bd014

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe
PID 1008 wrote to memory of 1084	1008	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\960-57-0x0000000000340000-0x0000000000362000-memory.dll,#1
  2⤵
  PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1084-54-0x0000000000000000-mapping.dmp

Download
memory/1084-55-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

Filesize
8KB

Download