12b7d284bad00fcbad6d13f56ee58085aa82e7ae5aa968fd6bdc4d04d63c9be7 | Triage

Analysis

max time kernel
60s
max time network
50s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:38

Sharing

Report Analysis Logs

General

Target

12b7d284bad00fcbad6d13f56ee58085aa82e7ae5aa968fd6bdc4d04d63c9be7.dll
Size

184KB
MD5

ff2c92b08cbf9fee624c7ff02e368737
SHA1

daadb094e5179e269c959e3e2324b4fd6eae94b9
SHA256

12b7d284bad00fcbad6d13f56ee58085aa82e7ae5aa968fd6bdc4d04d63c9be7
SHA512

74ee9f6acecb946280576f25c8e3a0cc4d61e45cd01a7ffc5c60edb597becbb472ff1ce805349309b2e5e7605f5d27596c8f992fb5129a71c5581403751508d7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1968 wrote to memory of 2040	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 2040	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 2040	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 2040	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 2040	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 2040	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 2040	1968	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12b7d284bad00fcbad6d13f56ee58085aa82e7ae5aa968fd6bdc4d04d63c9be7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12b7d284bad00fcbad6d13f56ee58085aa82e7ae5aa968fd6bdc4d04d63c9be7.dll,#1
2⤵
PID:2040

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-2-0x0000000000000000-mapping.dmp

Download
memory/2040-3-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download