26b3dba0c7cb2a191cb78b03521e6f91a37498059c4eaca26f4d0e0e9b7ab1c9 | Triage

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7v20201028
submitted
14-01-2021 09:56

Sharing

Report Analysis Logs

General

Target

HLn3obcR1vMJZN.dll
Size

236KB
MD5

d6ee575a8fff871d0e541281c7b4bb44
SHA1

a965b3a469a7881587c83627e5b8ee177584e764
SHA256

26b3dba0c7cb2a191cb78b03521e6f91a37498059c4eaca26f4d0e0e9b7ab1c9
SHA512

90e599f5e7ae32de765a420332a53c7fc11d9e1260f6d61513f71943650cc69fd29b2745236648e26877f8b9611d3826323d17ad84ae92393f24fc1df8b1605e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1756 wrote to memory of 1992	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1992	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1992	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1992	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1992	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1992	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1992	1756	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\HLn3obcR1vMJZN.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\HLn3obcR1vMJZN.dll,#1
2⤵
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-2-0x0000000000000000-mapping.dmp

Download