29d126053287463f1251d59aa2481265484f9dd8a50b19f2e4a1e483f8eb417c | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:41

Sharing

Report Analysis Logs

General

Target

29d126053287463f1251d59aa2481265484f9dd8a50b19f2e4a1e483f8eb417c.dll
Size

184KB
MD5

6ee63deb718d50ab8bdd349306720bfb
SHA1

2c0651831ec554102ac373672a32bbf8b6fff67c
SHA256

29d126053287463f1251d59aa2481265484f9dd8a50b19f2e4a1e483f8eb417c
SHA512

29d2a73ca92213f322ced7b78c21284690c7ea76589f9c796331904b88e653be0b13f00ef4278df813391f098c9f9c0c8d2eb439834e958c24c192ebbe777f02

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1904 wrote to memory of 1256	1904	rundll32.exe	rundll32.exe
PID 1904 wrote to memory of 1256	1904	rundll32.exe	rundll32.exe
PID 1904 wrote to memory of 1256	1904	rundll32.exe	rundll32.exe
PID 1904 wrote to memory of 1256	1904	rundll32.exe	rundll32.exe
PID 1904 wrote to memory of 1256	1904	rundll32.exe	rundll32.exe
PID 1904 wrote to memory of 1256	1904	rundll32.exe	rundll32.exe
PID 1904 wrote to memory of 1256	1904	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d126053287463f1251d59aa2481265484f9dd8a50b19f2e4a1e483f8eb417c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1904

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d126053287463f1251d59aa2481265484f9dd8a50b19f2e4a1e483f8eb417c.dll,#1
2⤵
PID:1256

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1256-2-0x0000000000000000-mapping.dmp

Download
memory/1256-3-0x0000000075781000-0x0000000075783000-memory.dmp

Filesize
8KB

Download