ff155b7792c2adac10cc1e54738077b997f269be68cf25f322b115bdb8cb5e7a | Triage

Analysis

max time kernel
90s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
resource tags

arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2022 14:21

Sharing

Report Analysis Logs

General

Target

7533.dll
Size

663KB
MD5

96eb0292ad176c905613678a3125cca5
SHA1

99b8f05e6a3125a2609166659178f3eda05978eb
SHA256

ff155b7792c2adac10cc1e54738077b997f269be68cf25f322b115bdb8cb5e7a
SHA512

73a826a4432957eb06eafb7dd7f74070cd731796d709b61fecb9bf417aa4c6471cec34a141bf2ce017c7ee1c8d6a00296b306536745c1468b7fdb5e5103891f5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1204 wrote to memory of 2608	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 2608	1204	rundll32.exe	rundll32.exe
PID 1204 wrote to memory of 2608	1204	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7533.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7533.dll,#1
2⤵
PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2608-130-0x0000000000000000-mapping.dmp

Download