0f3f411b1a0a21603718af7d9b42f00cfaed9187e29a2282c964c63029d44f26 | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:43

Sharing

Report Analysis Logs

General

Target

0f3f411b1a0a21603718af7d9b42f00cfaed9187e29a2282c964c63029d44f26.dll
Size

184KB
MD5

65471b2f63dadbcc2175b5bf90c094e6
SHA1

a4736b0eaef5a29d6150146899302e3e6a07d8b9
SHA256

0f3f411b1a0a21603718af7d9b42f00cfaed9187e29a2282c964c63029d44f26
SHA512

a7998ab163ba9f1f15fc06c26926112eafe9736f78c34ffadca1c50ee8d7228e83aea1de0aece627b206c5a669010253449cb300926e10ddc8ec2881055c0d59

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1676 wrote to memory of 1492	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1492	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1492	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1492	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1492	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1492	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1492	1676	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f3f411b1a0a21603718af7d9b42f00cfaed9187e29a2282c964c63029d44f26.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f3f411b1a0a21603718af7d9b42f00cfaed9187e29a2282c964c63029d44f26.dll,#1
2⤵
PID:1492

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1492-3-0x0000000075A41000-0x0000000075A43000-memory.dmp

Filesize
8KB

Download
memory/1492-2-0x0000000000000000-mapping.dmp

Download