e4c632bea35bdf0a89b6e01e9e11c59a63564dbebc9279ca77295c7484293f8a | Triage

Analysis

max time kernel
2s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:41

Sharing

Report Analysis Logs

General

Target

e4c632bea35bdf0a89b6e01e9e11c59a63564dbebc9279ca77295c7484293f8a.dll
Size

236KB
MD5

52da558664138dfb74b3e2b913dc2116
SHA1

8ab35e0284d16f46a25ba0175e46877f86e0bc63
SHA256

e4c632bea35bdf0a89b6e01e9e11c59a63564dbebc9279ca77295c7484293f8a
SHA512

5f2b947d100dd0f239d3d356e9050208b2ed08d99a8cf1b8f1ec52104e38bcb03caffbcc17646f727353643e40f9041566fabe7e8e566080b811ffb4b1069574

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 784 wrote to memory of 1508	784	rundll32.exe	rundll32.exe
PID 784 wrote to memory of 1508	784	rundll32.exe	rundll32.exe
PID 784 wrote to memory of 1508	784	rundll32.exe	rundll32.exe
PID 784 wrote to memory of 1508	784	rundll32.exe	rundll32.exe
PID 784 wrote to memory of 1508	784	rundll32.exe	rundll32.exe
PID 784 wrote to memory of 1508	784	rundll32.exe	rundll32.exe
PID 784 wrote to memory of 1508	784	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4c632bea35bdf0a89b6e01e9e11c59a63564dbebc9279ca77295c7484293f8a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:784

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4c632bea35bdf0a89b6e01e9e11c59a63564dbebc9279ca77295c7484293f8a.dll,#1
2⤵
PID:1508

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1508-2-0x0000000000000000-mapping.dmp

Download
memory/1508-3-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download