7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda | Triage

Analysis

max time kernel
4s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
15-11-2020 23:13

Sharing

Report Analysis Logs

General

Target

7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda.dll
Size

207KB
MD5

a49d6cf202a019d154efa02078e2fd4a
SHA1

4a716f09ab18a56ae895f9c2f5b74966db641bf5
SHA256

7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda
SHA512

96ec590178408731a391c1719079d17c58ccabf266df0a2627f6e96b06d3bff0d20b1e892e5cc68721a25d238553c764951be06949850cd755dbdac9edc9c328

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 364 wrote to memory of 1664	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1664	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1664	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1664	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1664	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1664	364	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1664	364	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:364

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cefe6086777f99d3ef9374a2bf1660a8df6de5f9d0cefae929971ba50dcdbda.dll,#1
2⤵
PID:1664

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-0-0x0000000000000000-mapping.dmp

Download