8dce71c908ff32080bc0824f242c3747c178e93de83205244d9ad9586c4e9ad4 | Triage

Analysis

max time kernel
3s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
20-12-2020 07:57

Sharing

Report Analysis Logs

General

Target

29fe282b2e6b0481e2c9d6c28a8923b0.exe.dll
Size

207KB
MD5

29fe282b2e6b0481e2c9d6c28a8923b0
SHA1

7593a3b43784072870dad4d465b27cbda856a80a
SHA256

8dce71c908ff32080bc0824f242c3747c178e93de83205244d9ad9586c4e9ad4
SHA512

21ffed1354f6501885ef079cb1dcd75fdfce25a9e4d04c0bb5e2e77ca2a59d25363a6fadc6487faef840695b67444c696a91785e140e065692452f53755e94d1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1756 wrote to memory of 1096	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1096	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1096	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1096	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1096	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1096	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1096	1756	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29fe282b2e6b0481e2c9d6c28a8923b0.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29fe282b2e6b0481e2c9d6c28a8923b0.exe.dll,#1
2⤵
PID:1096

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1096-2-0x0000000000000000-mapping.dmp

Download