7cb2d1ec1764fb23c38a6f48f1eaa61d014bfb970ac4f7c764bb6695e31fe56a | Triage

Analysis

max time kernel
23s
max time network
24s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:38

Sharing

Report Analysis Logs

General

Target

7cb2d1ec1764fb23c38a6f48f1eaa61d014bfb970ac4f7c764bb6695e31fe56a.dll
Size

184KB
MD5

6294f9ac7297a0ac25f8d4f9f46d3ab4
SHA1

5762c4492041ab7f5bf4611a88d38f6fb0c33590
SHA256

7cb2d1ec1764fb23c38a6f48f1eaa61d014bfb970ac4f7c764bb6695e31fe56a
SHA512

4b326730f600f058464b3b7a42384668a43af92849d3ea04e217cd7fa974f8f35f68f590966e305df4daca2543ec59e9745e7e79fa6733a6bf93e9bb5fc11c57

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1944 wrote to memory of 1412	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1412	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1412	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1412	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1412	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1412	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 1412	1944	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cb2d1ec1764fb23c38a6f48f1eaa61d014bfb970ac4f7c764bb6695e31fe56a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cb2d1ec1764fb23c38a6f48f1eaa61d014bfb970ac4f7c764bb6695e31fe56a.dll,#1
2⤵
PID:1412

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1412-2-0x0000000000000000-mapping.dmp

Download
memory/1412-3-0x0000000075AE1000-0x0000000075AE3000-memory.dmp

Filesize
8KB

Download