810c10b742f825ce2398fed58f6e8c498c7c22c2e5bf4e7d3409b35933b88a57 | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:43

Sharing

Report Analysis Logs

General

Target

810c10b742f825ce2398fed58f6e8c498c7c22c2e5bf4e7d3409b35933b88a57.dll
Size

184KB
MD5

2128392884654afed3309a41c5aba592
SHA1

330853997b97dbae29ce665c3458f9510ebca719
SHA256

810c10b742f825ce2398fed58f6e8c498c7c22c2e5bf4e7d3409b35933b88a57
SHA512

d1801523f039587100ac021edc48c3db823983a5bf7312e8bb187c4637d2b104bd895822d5aa790c09943f8ec8d367f95be4a3f288c75c28d60a2aa80524012a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1616 wrote to memory of 2012	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2012	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2012	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2012	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2012	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2012	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2012	1616	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\810c10b742f825ce2398fed58f6e8c498c7c22c2e5bf4e7d3409b35933b88a57.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\810c10b742f825ce2398fed58f6e8c498c7c22c2e5bf4e7d3409b35933b88a57.dll,#1
2⤵
PID:2012

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-2-0x0000000000000000-mapping.dmp

Download
memory/2012-3-0x00000000765A1000-0x00000000765A3000-memory.dmp

Filesize
8KB

Download