b6c6d1bf5295933f56a238132542583d533db64806c4bdbfab42ee512aa8136a | Triage

Analysis

max time kernel
23s
max time network
24s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:43

Sharing

Report Analysis Logs

General

Target

b6c6d1bf5295933f56a238132542583d533db64806c4bdbfab42ee512aa8136a.dll
Size

184KB
MD5

fb43a3f72e452ba57739569c5dd9df9f
SHA1

18c1a94b6d87a5ebd703ef978d01a0b9cd4e96f4
SHA256

b6c6d1bf5295933f56a238132542583d533db64806c4bdbfab42ee512aa8136a
SHA512

1aa0a36f866c11c18bbae1b3b4bd5d180ad4cbe5f83ae8052d8549614e8330d94a3971c230d5a35fc2baa1138c8436669b92b62ff2b9f8cf7eedb29080397eba

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2008 wrote to memory of 1376	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1376	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1376	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1376	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1376	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1376	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1376	2008	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6c6d1bf5295933f56a238132542583d533db64806c4bdbfab42ee512aa8136a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6c6d1bf5295933f56a238132542583d533db64806c4bdbfab42ee512aa8136a.dll,#1
2⤵
PID:1376

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1376-3-0x0000000075EA1000-0x0000000075EA3000-memory.dmp

Filesize
8KB

Download
memory/1376-2-0x0000000000000000-mapping.dmp

Download