6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882 | Triage

Analysis

max time kernel
85s
max time network
84s
platform
windows7_x64
resource
win7v20201028
submitted
12-11-2020 13:52

Sharing

Report Analysis Logs

General

Target

6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882.dll
Size

207KB
MD5

21c599af3f3061449ead4aa68fcc3a00
SHA1

87c65413e7dc98aabe171528b0c3d1708531e9d1
SHA256

6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882
SHA512

a8c375e9d626e785e79d3190398477f3a7502523521b4feabb586c5df64de1a28e51b8586bf068e35154c77a0c95a71bff3bc74cea53d420e5582eb9891e931b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2028 wrote to memory of 1232	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1232	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1232	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1232	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1232	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1232	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 1232	2028	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6051b48aec404b59c50d345ab610b636538856d9da2edb7e1432f4497f62d882.dll,#1
2⤵
PID:1232

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1232-0-0x0000000000000000-mapping.dmp

Download