d5462848a3c5328388289dd7ff938750a32ad78c99e21999fbe709e06e7fa213 | Triage

Analysis

max time kernel
39s
max time network
42s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
16-07-2022 09:26

Sharing

Report Analysis Logs

General

Target

1712-57-0x0000000000170000-0x0000000000192000-memory.dll
Size

136KB
MD5

267153a50e94684a50319fe5e5658fd0
SHA1

d3e95a1129c2dc5cba9f62f64186ec3eb3046d7d
SHA256

d5462848a3c5328388289dd7ff938750a32ad78c99e21999fbe709e06e7fa213
SHA512

ae0b54d2868afc1e6bfe7f753363eb8e83fb22a6c10d08765914b0dcb47a203e9889854e8c1f206fa0001f97aba06b4b31a800a663a9693ba5100b533ca51fd5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1672 wrote to memory of 948	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 948	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 948	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 948	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 948	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 948	1672	rundll32.exe	rundll32.exe
PID 1672 wrote to memory of 948	1672	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1712-57-0x0000000000170000-0x0000000000192000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1712-57-0x0000000000170000-0x0000000000192000-memory.dll,#1
2⤵
PID:948

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/948-54-0x0000000000000000-mapping.dmp

Download
memory/948-55-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download