37f273d810a27f50f78d453bf80d89696a598ae6aac897c4fef8f5824b12416b | Triage

Analysis

max time kernel
3s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:41

Sharing

Report Analysis Logs

General

Target

37f273d810a27f50f78d453bf80d89696a598ae6aac897c4fef8f5824b12416b.dll
Size

236KB
MD5

c481096535509418ca2f85c4d85ac3fb
SHA1

0cb1779f09887d093dfe4f662e1f5955f2ab8010
SHA256

37f273d810a27f50f78d453bf80d89696a598ae6aac897c4fef8f5824b12416b
SHA512

c64ce185e569f6292d765101eb36320dd789cc286a36e47c118b5bbc5892051702320999170cb1189a76e3437943ade044352e6cf301e60d28cc79f3c126b32f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1044 wrote to memory of 1992	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1992	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1992	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1992	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1992	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1992	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1992	1044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37f273d810a27f50f78d453bf80d89696a598ae6aac897c4fef8f5824b12416b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37f273d810a27f50f78d453bf80d89696a598ae6aac897c4fef8f5824b12416b.dll,#1
2⤵
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-2-0x0000000000000000-mapping.dmp

Download
memory/1992-3-0x00000000760A1000-0x00000000760A3000-memory.dmp

Filesize
8KB

Download