c4820e71333cd9030cf7ff75f81b1c60204e8b8eec4a13925cc1088e72ec9f9d | Triage

Resubmissions

09-12-2022 21:31

221209-1djk8shc4x 10

02-12-2022 16:25

221202-txan4she2y 10

Analysis

max time kernel
37s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 16:25

Sharing

Report Analysis Logs

General

Target

161.dll
Size

600KB
MD5

7e0d3db8bc82120bb2e3fd6331e2316e
SHA1

4be555dad631c9806ef12d450c14e2d68c24ea66
SHA256

5774320ea6f7dfcf17b439739960f4bae5c852b8b30396934c75cf64a556312a
SHA512

ec0a62863a68b86f6c577c91bbb1793d3dd9d5bae1531077e5e4b3a72c2d948b4dc9f92242132e29c98bf19858ca886806891dffd1294b5a8e32e760bd046df8
SSDEEP

12288:QSUUEfo5I6/o2qgkpUdi9Msme0CWUdOWk4F:QSTiWDvL6Rme0C0Wk4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2020 wrote to memory of 1472	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1472	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1472	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1472	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1472	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1472	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 1472	2020	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\161.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\161.dll,#1
2⤵
PID:1472

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1472-54-0x0000000000000000-mapping.dmp

Download
memory/1472-55-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download