50df969f412391ca19609bbeeac268a4cf97ed8cc605fbfeddcb628373a637d9 | Triage

Resubmissions

12-12-2022 14:44

221212-r4hl7aec7w 10

09-12-2022 20:54

221209-zpzwxshb4y 10

02-12-2022 06:24

221202-g6c5daed8w 10

Analysis

max time kernel
7s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 06:24

Sharing

Report Analysis Logs

General

Target

119.dll
Size

600KB
MD5

86659e53d359999558acaf2de74ceda8
SHA1

76d86cce6c07ad8b1070e555e0e6de68ad01d34d
SHA256

b9c850873402914f5379f21fd04a18e63f2a4638a10bd2bfca005d4d4ed199f9
SHA512

9c3914680e0d9b7ca189c79870067814a4f8d6148da92e81cab3a45ab05c809dc484d32f82d47fc45bcf1ae88e5c4e1c3e1c8376c8bc5bff37fd909c0e37c448
SSDEEP

12288:QSUUEfo5I6/o2qgkpUdW9Msme0CWUdOWk4F:QSTiWDvLORme0C0Wk4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1000 wrote to memory of 1696	1000	rundll32.exe	rundll32.exe
PID 1000 wrote to memory of 1696	1000	rundll32.exe	rundll32.exe
PID 1000 wrote to memory of 1696	1000	rundll32.exe	rundll32.exe
PID 1000 wrote to memory of 1696	1000	rundll32.exe	rundll32.exe
PID 1000 wrote to memory of 1696	1000	rundll32.exe	rundll32.exe
PID 1000 wrote to memory of 1696	1000	rundll32.exe	rundll32.exe
PID 1000 wrote to memory of 1696	1000	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\119.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\119.dll,#1
  2⤵
  PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1696-54-0x0000000000000000-mapping.dmp

Download
memory/1696-55-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download