b9b80d6296c3fbd2dff813a6d1cf8a978e38f2f1f5ce8c647fb39ca759284c67 | Triage

Analysis

max time kernel
142s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220722-en
resource tags

arch:x64arch:x86image:win10v2004-20220722-enlocale:en-usos:windows10-2004-x64system
submitted
11-08-2022 22:39

Sharing

Report Analysis Logs

General

Target

7533.dll
Size

663KB
MD5

78a8aef64a4c651757bd31e7f56a5a7c
SHA1

1b4bc8ed5c38b17152a10207c2ce8b9a2b2ce74b
SHA256

b9b80d6296c3fbd2dff813a6d1cf8a978e38f2f1f5ce8c647fb39ca759284c67
SHA512

e4d424e6fd1c988f102e5827d223eae590781cf9bd3ae52b549877abdd0a86d81f13854c8285933418c3ec635698329362061d0237889f0f92e4ec8c5ee3e6a4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3336 wrote to memory of 1864	3336	rundll32.exe	rundll32.exe
PID 3336 wrote to memory of 1864	3336	rundll32.exe	rundll32.exe
PID 3336 wrote to memory of 1864	3336	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7533.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3336

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7533.dll,#1
2⤵
PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1864-132-0x0000000000000000-mapping.dmp

Download