7e901f48a33d2612840a8ea006afd3f2f0a497a4509380a9b0dd1b75d17588eb

General

Target: 7e901f48a33d2612840a8ea006afd3f2f0a497a4509380a9b0dd1b75d17588eb.dll
Filesize: 184KB
Completed: 23-02-2021 12:44
Score: 1/10
MD5: 905394f3c9451f08df0ea67decae3ce4
SHA1: e7f505eff6f8e0b838f396a5da428730fcc9ff1c
SHA256: 7e901f48a33d2612840a8ea006afd3f2f0a497a4509380a9b0dd1b75d17588eb

Malware Config
Signatures 1

  • Suspicious use of WriteProcessMemory
    rundll32.exe

    Reported IOCs

    description                      | pid  | process      | target process
    PID 1108 wrote to memory of 1512 | 1108 | rundll32.exe | rundll32.exe
    PID 1108 wrote to memory of 1512 | 1108 | rundll32.exe | rundll32.exe
    PID 1108 wrote to memory of 1512 | 1108 | rundll32.exe | rundll32.exe
    PID 1108 wrote to memory of 1512 | 1108 | rundll32.exe | rundll32.exe
    PID 1108 wrote to memory of 1512 | 1108 | rundll32.exe | rundll32.exe
    PID 1108 wrote to memory of 1512 | 1108 | rundll32.exe | rundll32.exe
    PID 1108 wrote to memory of 1512 | 1108 | rundll32.exe | rundll32.exe
Processes 2
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e901f48a33d2612840a8ea006afd3f2f0a497a4509380a9b0dd1b75d17588eb.dll,#1
    Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e901f48a33d2612840a8ea006afd3f2f0a497a4509380a9b0dd1b75d17588eb.dll,#1
      PID:1512
Network
MITRE ATT&CK Matrix
Collection | Command and Control | Credential Access | Defense Evasion | Discovery | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation
Downloads
  • memory/1512-2-0x0000000000000000-mapping.dmp
  • memory/1512-3-0x00000000760D1000-0x00000000760D3000-memory.dmp