843612eb4ea13ec361bd12757af603123926479f7455ffab9eb10bb33d160f53 | Triage

Analysis

max time kernel
2s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:43

Sharing

Report Analysis Logs

General

Target

843612eb4ea13ec361bd12757af603123926479f7455ffab9eb10bb33d160f53.dll
Size

184KB
MD5

e828ac812a4b0759b42ad5ecb2bec3f4
SHA1

8313252766df032fac4254639a22ff96ad51c26b
SHA256

843612eb4ea13ec361bd12757af603123926479f7455ffab9eb10bb33d160f53
SHA512

b8b324d4b308eef6213f6ca01de3020f7ded5ff5aaf26067a4df35ae667965e6b6c8a9d89602209211f11eab5cf4cba16f3df9c6c3deb598a383a4f83445a9cd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1908 wrote to memory of 1336	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1336	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1336	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1336	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1336	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1336	1908	rundll32.exe	rundll32.exe
PID 1908 wrote to memory of 1336	1908	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\843612eb4ea13ec361bd12757af603123926479f7455ffab9eb10bb33d160f53.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\843612eb4ea13ec361bd12757af603123926479f7455ffab9eb10bb33d160f53.dll,#1
2⤵
PID:1336

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-2-0x0000000000000000-mapping.dmp

Download
memory/1336-3-0x0000000076271000-0x0000000076273000-memory.dmp

Filesize
8KB

Download