1204c2bc02431a696c9d452daf3b77672f9001b6ef7abea6c5384d8091a545e9 | Triage

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-12-2022 05:22

Sharing

Report Analysis Logs

General

Target

friskingly/titivating.dll
Size

599KB
MD5

b18962586238e5a713b8a9dda2928ac6
SHA1

5e14559daeb93083171d8d4e3bc63ebb72b88e6e
SHA256

97a3cb32f891f0d01251c307356a5e89a71ebc9af24fde703f8e04aae24a72d4
SHA512

240aeddce61725162a292a6e33668eb2e67a86a448f57cb9bafef94f419b26277577af6ebd6e4825ad54d131d60f9d619b0fa6dd5f1ba63d78600ba854f17cf2
SSDEEP

12288:W+hfiNzqkalTfvvHWiYj7amQZGTcpy20ZsGOIBrupfJ:W+hnXWi+2pZG40P6nIBrUJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1044 wrote to memory of 1428	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1428	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1428	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1428	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1428	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1428	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1428	1044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\friskingly\titivating.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\friskingly\titivating.dll,#1
2⤵
PID:1428

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1428-54-0x0000000000000000-mapping.dmp

Download
memory/1428-55-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download