45d074cb2c98471494bcf5e6b9457619e40a28e640c93e5af34f1bab7c755865 | Triage

Analysis

max time kernel
4s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:41

Sharing

Report Analysis Logs

General

Target

45d074cb2c98471494bcf5e6b9457619e40a28e640c93e5af34f1bab7c755865.dll
Size

184KB
MD5

5fff633f2218865464a4bfc5c7c6bab2
SHA1

2114d17ccd3ee9bb7abe9634107e339bfb9e2f11
SHA256

45d074cb2c98471494bcf5e6b9457619e40a28e640c93e5af34f1bab7c755865
SHA512

3832f559de60c3339616632e740385f231231e7dd3cb597b67d50135ba618cbacd94dea4cc8de42e763ed5838fcf1fc1530a9195e1d455beb6ad9124fea8090d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1856 wrote to memory of 2012	1856	rundll32.exe	rundll32.exe
PID 1856 wrote to memory of 2012	1856	rundll32.exe	rundll32.exe
PID 1856 wrote to memory of 2012	1856	rundll32.exe	rundll32.exe
PID 1856 wrote to memory of 2012	1856	rundll32.exe	rundll32.exe
PID 1856 wrote to memory of 2012	1856	rundll32.exe	rundll32.exe
PID 1856 wrote to memory of 2012	1856	rundll32.exe	rundll32.exe
PID 1856 wrote to memory of 2012	1856	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45d074cb2c98471494bcf5e6b9457619e40a28e640c93e5af34f1bab7c755865.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1856

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45d074cb2c98471494bcf5e6b9457619e40a28e640c93e5af34f1bab7c755865.dll,#1
2⤵
PID:2012

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-2-0x0000000000000000-mapping.dmp

Download
memory/2012-3-0x00000000767E1000-0x00000000767E3000-memory.dmp

Filesize
8KB

Download