101454f3f84ffb012a53117d91d6dcb5a264606a38f53d3b2129bcc52d961d23 | Triage

Analysis

max time kernel
3s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:42

Sharing

Report Analysis Logs

General

Target

101454f3f84ffb012a53117d91d6dcb5a264606a38f53d3b2129bcc52d961d23.dll
Size

184KB
MD5

1b143d8f2933ef1c0930fd259d9ff0d7
SHA1

86727ab02b675aaa3c4b21c5a5ce382c523785da
SHA256

101454f3f84ffb012a53117d91d6dcb5a264606a38f53d3b2129bcc52d961d23
SHA512

969a9a80447f12e76e4e1f0e7d7496dafda3d363e341c90425d520b38772a22268635950d84980400a89aa4eeecc0be575c5717d0baf740a5f3d98eea2d721d5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1072 wrote to memory of 284	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 284	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 284	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 284	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 284	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 284	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 284	1072	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\101454f3f84ffb012a53117d91d6dcb5a264606a38f53d3b2129bcc52d961d23.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\101454f3f84ffb012a53117d91d6dcb5a264606a38f53d3b2129bcc52d961d23.dll,#1
2⤵
PID:284

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/284-2-0x0000000000000000-mapping.dmp

Download
memory/284-3-0x0000000075251000-0x0000000075253000-memory.dmp

Filesize
8KB

Download