53bdd481779f0a5ba95745c51ef273b4201a8133b140cbdaa6020c80fcc72906 | Triage

Analysis

max time kernel
3s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:39

Sharing

Report Analysis Logs

General

Target

53bdd481779f0a5ba95745c51ef273b4201a8133b140cbdaa6020c80fcc72906.dll
Size

184KB
MD5

f05235fc5c0828ae0866cf0b6eddb53a
SHA1

3e68288c1c0bba92c918ad5688b6b773940a044f
SHA256

53bdd481779f0a5ba95745c51ef273b4201a8133b140cbdaa6020c80fcc72906
SHA512

921ab23d3af7adb8b58894bb6cca2b5bf9ecef1531bbf20e7d880c50a218d5427db508dfc52fa648061c1705b5f1e337105d22f9d7ed8fe750025968c613b5c9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1020 wrote to memory of 1860	1020	rundll32.exe	rundll32.exe
PID 1020 wrote to memory of 1860	1020	rundll32.exe	rundll32.exe
PID 1020 wrote to memory of 1860	1020	rundll32.exe	rundll32.exe
PID 1020 wrote to memory of 1860	1020	rundll32.exe	rundll32.exe
PID 1020 wrote to memory of 1860	1020	rundll32.exe	rundll32.exe
PID 1020 wrote to memory of 1860	1020	rundll32.exe	rundll32.exe
PID 1020 wrote to memory of 1860	1020	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\53bdd481779f0a5ba95745c51ef273b4201a8133b140cbdaa6020c80fcc72906.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1020

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\53bdd481779f0a5ba95745c51ef273b4201a8133b140cbdaa6020c80fcc72906.dll,#1
2⤵
PID:1860

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1860-2-0x0000000000000000-mapping.dmp

Download
memory/1860-3-0x00000000753E1000-0x00000000753E3000-memory.dmp

Filesize
8KB

Download
memory/1860-4-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download