777309d6a8022725b684a4f9d0cd7fd75239bb6f26b989cf3efd8068a7a4badd | Triage

Analysis

max time kernel
3s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:41

Sharing

Report Analysis Logs

General

Target

777309d6a8022725b684a4f9d0cd7fd75239bb6f26b989cf3efd8068a7a4badd.dll
Size

236KB
MD5

429e870ba63864c0b5bf4e2ee365aca6
SHA1

47780be49d9e3ac455679c90a94538776f362f38
SHA256

777309d6a8022725b684a4f9d0cd7fd75239bb6f26b989cf3efd8068a7a4badd
SHA512

cea2794637f53daa57f79e4f4227cc7203987a755a37e9a0f259b72ea16dd051bc31c8542718d2446e459a8932f364b5ed271ac850d386cd6b42f6e0d809a4cc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\777309d6a8022725b684a4f9d0cd7fd75239bb6f26b989cf3efd8068a7a4badd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\777309d6a8022725b684a4f9d0cd7fd75239bb6f26b989cf3efd8068a7a4badd.dll,#1
2⤵
PID:2016

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-2-0x0000000000000000-mapping.dmp

Download
memory/2016-3-0x0000000074B31000-0x0000000074B33000-memory.dmp

Filesize
8KB

Download