5db3ff6cbc134f2e8b4099fcf4d7a8ee81437c33c45967db8acb884c1bff969d | Triage

Analysis

max time kernel
43s
max time network
44s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:41

Sharing

Report Analysis Logs

General

Target

5db3ff6cbc134f2e8b4099fcf4d7a8ee81437c33c45967db8acb884c1bff969d.dll
Size

236KB
MD5

5129d2d185e0f0d04a8c26fe68ca7ab4
SHA1

e783713aac829655032df4315e8810940f74a9b4
SHA256

5db3ff6cbc134f2e8b4099fcf4d7a8ee81437c33c45967db8acb884c1bff969d
SHA512

cf3fa06110a791cc86bf92440e2a46710ae73ac6971ec1374a3a6d33ef0556e83458498d0beb7800cfea40aa35b3cbd2341deb66963ea8e8003b57a8bffef09a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 744 wrote to memory of 1924	744	rundll32.exe	rundll32.exe
PID 744 wrote to memory of 1924	744	rundll32.exe	rundll32.exe
PID 744 wrote to memory of 1924	744	rundll32.exe	rundll32.exe
PID 744 wrote to memory of 1924	744	rundll32.exe	rundll32.exe
PID 744 wrote to memory of 1924	744	rundll32.exe	rundll32.exe
PID 744 wrote to memory of 1924	744	rundll32.exe	rundll32.exe
PID 744 wrote to memory of 1924	744	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5db3ff6cbc134f2e8b4099fcf4d7a8ee81437c33c45967db8acb884c1bff969d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:744

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5db3ff6cbc134f2e8b4099fcf4d7a8ee81437c33c45967db8acb884c1bff969d.dll,#1
2⤵
PID:1924

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-2-0x0000000000000000-mapping.dmp

Download
memory/1924-3-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download