f08b7a69649a6a3fbfca12444ec834fcd9c1004f1c1d77aef5cd74052a181cd8 | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:38

Sharing

Report Analysis Logs

General

Target

f08b7a69649a6a3fbfca12444ec834fcd9c1004f1c1d77aef5cd74052a181cd8.dll
Size

184KB
MD5

0bb244ca0d4c7cc5d1ffde3fa5716c99
SHA1

2018b09e20ad5442db96f9f0e970cd3148c878d6
SHA256

f08b7a69649a6a3fbfca12444ec834fcd9c1004f1c1d77aef5cd74052a181cd8
SHA512

3c66a6c03fa2777fe38f7a696d3af7eb4993a192e4257987838f40856947df1d71726a30a075a7346a4e4d861198cda2862c3f8bc7347c0cb9b7a1c0e16a364b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1932 wrote to memory of 908	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 908	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 908	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 908	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 908	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 908	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 908	1932	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f08b7a69649a6a3fbfca12444ec834fcd9c1004f1c1d77aef5cd74052a181cd8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f08b7a69649a6a3fbfca12444ec834fcd9c1004f1c1d77aef5cd74052a181cd8.dll,#1
2⤵
PID:908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/908-2-0x0000000000000000-mapping.dmp

Download
memory/908-3-0x00000000750C1000-0x00000000750C3000-memory.dmp

Filesize
8KB

Download