121d7ad19ebd4d1522979a113c7172a7048c1b8945b235e3603bd7ba37a1640a | Triage

Analysis

max time kernel
50s
max time network
51s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:40

Sharing

Report Analysis Logs

General

Target

121d7ad19ebd4d1522979a113c7172a7048c1b8945b235e3603bd7ba37a1640a.dll
Size

184KB
MD5

1d234d1c39fbfb286278ea5a4be6cb00
SHA1

d7e5196a2b0a686c54256c153db4b837891da71c
SHA256

121d7ad19ebd4d1522979a113c7172a7048c1b8945b235e3603bd7ba37a1640a
SHA512

18e7efd1a32a4faa8f6c521780545e27ceb06625609b83cf2a396727b7cd4c5d9d484f6d497b023aaa0a928d179b4747fac7041619371f2fce2c910222b188b6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1968 wrote to memory of 1112	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 1112	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 1112	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 1112	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 1112	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 1112	1968	rundll32.exe	rundll32.exe
PID 1968 wrote to memory of 1112	1968	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\121d7ad19ebd4d1522979a113c7172a7048c1b8945b235e3603bd7ba37a1640a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\121d7ad19ebd4d1522979a113c7172a7048c1b8945b235e3603bd7ba37a1640a.dll,#1
2⤵
PID:1112

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1112-3-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download
memory/1112-2-0x0000000000000000-mapping.dmp

Download