bc57f82267ee65e6639b223a57eed33b6980e00fd8138aae9001b17b3a014ce0 | Triage

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 13:26

Sharing

Report Analysis Logs

General

Target

geg.dll
Size

299KB
MD5

e03a20cb5e94f4dd46ccdff15699d65b
SHA1

144b5aec464ad625db98b648e71adf15d25ed90c
SHA256

bc57f82267ee65e6639b223a57eed33b6980e00fd8138aae9001b17b3a014ce0
SHA512

d5f5587bcf955dbc467d685434659fb04733671b1e6f0662bd7e6cf89de3bd4ce2cc1d47c6bdb808f7eb613a282bedce81279d81f6e19f022b5a8c2f821e6ad1
SSDEEP

6144:DCwRY6BW3aLjd5b+94uxYc9tN48VuCyn7:mUB8avfJi5VuJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\geg.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\geg.dll,#1
  2⤵
  PID:548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/548-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download