7d17b4e16191d30de1a1b6844074cc1211afd07e5d51097cf96d797833d6f02b | Triage

Analysis

max time kernel
2s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:43

Sharing

Report Analysis Logs

General

Target

7d17b4e16191d30de1a1b6844074cc1211afd07e5d51097cf96d797833d6f02b.dll
Size

184KB
MD5

90265a9043b0724361331f7db536ca92
SHA1

f072cefa62505ca2955625c4b0c161c77f65a7f5
SHA256

7d17b4e16191d30de1a1b6844074cc1211afd07e5d51097cf96d797833d6f02b
SHA512

1a50f13607be75c38e5bea6627924c162d3579a00df7fdcb1409697d86a5bb6f43b4a72d52734f7ea51f2da71321dcdb46ef8f065d5f5249a08b616f371c136d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1680 wrote to memory of 1664	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1664	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1664	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1664	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1664	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1664	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1664	1680	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d17b4e16191d30de1a1b6844074cc1211afd07e5d51097cf96d797833d6f02b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d17b4e16191d30de1a1b6844074cc1211afd07e5d51097cf96d797833d6f02b.dll,#1
2⤵
PID:1664

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-2-0x0000000000000000-mapping.dmp

Download
memory/1664-3-0x00000000756A1000-0x00000000756A3000-memory.dmp

Filesize
8KB

Download