e54941c8fd4f4ad0a627b6396b17ced2829c0242237830cc035efcf0998aab22 | Triage

Resubmissions

09-12-2022 21:25

221209-z9vgyaed42 10

09-12-2022 20:57

221209-zrnxfahb5v 10

02-12-2022 02:38

221202-c46axsab2w 10

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 02:38

Sharing

Report Analysis Logs

General

Target

786.dll
Size

600KB
MD5

a12026e1d8d5699723e14a450f612528
SHA1

0eb6925e3e7e9cd9f0e472495956112195e1ed04
SHA256

6732fc37c4d5de1459b19b734547bd4dfd86b9b3c779d292ffffe0e74007ecb6
SHA512

9628b83edfb2872c01451fbac092190a6af3d85bf5b8e9ba482009e085cbc2604b00563014c8defa6862b26f5daa925aeddeee61a0b27c1a8e0cb76e3a45effc
SSDEEP

12288:QSUUEfo5I6/o2qgkpUdv9Msme0CWUdOWk4F:QSTiWDvLfRme0C0Wk4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1388 wrote to memory of 1036	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1036	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1036	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1036	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1036	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1036	1388	rundll32.exe	rundll32.exe
PID 1388 wrote to memory of 1036	1388	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\786.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\786.dll,#1
  2⤵
  PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1036-54-0x0000000000000000-mapping.dmp

Download
memory/1036-55-0x00000000753C1000-0x00000000753C3000-memory.dmp

Filesize
8KB

Download