d04300e0998d28e42af7b65906ad9ab888a56fe2333f21f41f1195300e12935e | Triage

Analysis

max time kernel
4s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:37

Sharing

Report Analysis Logs

General

Target

d04300e0998d28e42af7b65906ad9ab888a56fe2333f21f41f1195300e12935e.dll
Size

184KB
MD5

014507ea9ae1f55707ee14bd5a1c1bd5
SHA1

e8e7cdab7292f52b7180431d0f102ab872f711b1
SHA256

d04300e0998d28e42af7b65906ad9ab888a56fe2333f21f41f1195300e12935e
SHA512

f6a95bd4be239dcd085c098cef1e6c4f6260dd01de2bcfdaac0834b8b2d4c1d9161cd94376ad81b23dd8760ae13aa6a8240d81881129d5553eaef191abee646f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1668 wrote to memory of 1172	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 1172	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 1172	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 1172	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 1172	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 1172	1668	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 1172	1668	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d04300e0998d28e42af7b65906ad9ab888a56fe2333f21f41f1195300e12935e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d04300e0998d28e42af7b65906ad9ab888a56fe2333f21f41f1195300e12935e.dll,#1
2⤵
PID:1172

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1172-2-0x0000000000000000-mapping.dmp

Download
memory/1172-3-0x0000000074B31000-0x0000000074B33000-memory.dmp

Filesize
8KB

Download