d649e619a7eb3b8285578cdcb7381852a453cbfde3b4b6ecfcade2a810a7c00d | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:36

Sharing

Report Analysis Logs

General

Target

d649e619a7eb3b8285578cdcb7381852a453cbfde3b4b6ecfcade2a810a7c00d.dll
Size

184KB
MD5

4d8e1f16ae754a9c1ccba460e824ffd9
SHA1

c5485739374299f7fde2a676e68e50ee16357380
SHA256

d649e619a7eb3b8285578cdcb7381852a453cbfde3b4b6ecfcade2a810a7c00d
SHA512

de8015929d17fffee9f22729f26f27dbf2721e3ff4c2fea2e98c8da86fbe190f672469313a7d92f70640c324f4a27db9426ea384bf2f0329f33e4b525b1e8621

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1900 wrote to memory of 1496	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1496	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1496	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1496	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1496	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1496	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1496	1900	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d649e619a7eb3b8285578cdcb7381852a453cbfde3b4b6ecfcade2a810a7c00d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d649e619a7eb3b8285578cdcb7381852a453cbfde3b4b6ecfcade2a810a7c00d.dll,#1
2⤵
PID:1496

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1496-2-0x0000000000000000-mapping.dmp

Download
memory/1496-3-0x0000000076271000-0x0000000076273000-memory.dmp

Filesize
8KB

Download