59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe | Triage

Analysis

max time kernel
62s
max time network
42s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
24-07-2022 02:58

Sharing

Report Analysis Logs

General

Target

59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll
Size

57KB
MD5

b7b90e1cc763199c625c330ae1400ca1
SHA1

3868d3929c95187bc99640da54684b20d75cb384
SHA256

59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe
SHA512

a3dc2482c3d79a2be9db4373e2d59e8b2bee91d2f7f7dee542f6e13b895b868c62d318061a15f5bafac7720aac11e2bb99f26d44801cc51e057015d7d704a4f8

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

rundll32.exe

pid process

240 rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1656 wrote to memory of 240	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 240	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 240	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 240	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 240	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 240	1656	rundll32.exe	rundll32.exe
PID 1656 wrote to memory of 240	1656	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59bebe69c6273edf9f4a2d2841f8624dc295c8d3fcb668960c1ca5b954e871fe.dll,#1
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:240

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/240-54-0x0000000000000000-mapping.dmp

Download
memory/240-55-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download
memory/240-56-0x0000000001FC0000-0x00000000021BA000-memory.dmp

Filesize
2.0MB

Download