b770687fd98f28f577b713654f53b854baeefe8603ba1f05d24a7b10d9c54349 | Triage

Analysis

max time kernel
22s
max time network
24s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:37

Sharing

Report Analysis Logs

General

Target

b770687fd98f28f577b713654f53b854baeefe8603ba1f05d24a7b10d9c54349.dll
Size

184KB
MD5

0db6d660230cc089d32b44f78912988b
SHA1

efbeabcec10003e3a608a292301b35aa2a651e10
SHA256

b770687fd98f28f577b713654f53b854baeefe8603ba1f05d24a7b10d9c54349
SHA512

e69f8a4c744347597302391470e5087b8c891470067cc979c37efa61bc1d764b49ba57e87f96db020108d6f221cf2b527e3dc6584f4b53bf037e11f93d46df50

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1596 wrote to memory of 1172	1596	rundll32.exe	rundll32.exe
PID 1596 wrote to memory of 1172	1596	rundll32.exe	rundll32.exe
PID 1596 wrote to memory of 1172	1596	rundll32.exe	rundll32.exe
PID 1596 wrote to memory of 1172	1596	rundll32.exe	rundll32.exe
PID 1596 wrote to memory of 1172	1596	rundll32.exe	rundll32.exe
PID 1596 wrote to memory of 1172	1596	rundll32.exe	rundll32.exe
PID 1596 wrote to memory of 1172	1596	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b770687fd98f28f577b713654f53b854baeefe8603ba1f05d24a7b10d9c54349.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1596

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b770687fd98f28f577b713654f53b854baeefe8603ba1f05d24a7b10d9c54349.dll,#1
2⤵
PID:1172

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1172-2-0x0000000000000000-mapping.dmp

Download
memory/1172-3-0x0000000075781000-0x0000000075783000-memory.dmp

Filesize
8KB

Download