7e901f48a33d2612840a8ea006afd3f2f0a497a4509380a9b0dd1b75d17588eb
General
Target: 7e901f48a33d2612840a8ea006afd3f2f0a497a4509380a9b0dd1b75d17588eb.dll
Filesize: 184KB
Completed: 23-02-2021 12:44
Score: 1/10
MD5: 905394f3c9451f08df0ea67decae3ce4
SHA1: e7f505eff6f8e0b838f396a5da428730fcc9ff1c
SHA256: 7e901f48a33d2612840a8ea006afd3f2f0a497a4509380a9b0dd1b75d17588eb
Malware Config
Signatures 1
- Suspicious use of WriteProcessMemory
  rundll32.exe
Reported IOCs
description                       pid   process       target process
PID 1108 wrote to memory of 1512  1108  rundll32.exe  rundll32.exe
PID 1108 wrote to memory of 1512  1108  rundll32.exe  rundll32.exe
PID 1108 wrote to memory of 1512  1108  rundll32.exe  rundll32.exe
PID 1108 wrote to memory of 1512  1108  rundll32.exe  rundll32.exe
PID 1108 wrote to memory of 1512  1108  rundll32.exe  rundll32.exe
PID 1108 wrote to memory of 1512  1108  rundll32.exe  rundll32.exe
PID 1108 wrote to memory of 1512  1108  rundll32.exe  rundll32.exe
Processes 2
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e901f48a33d2612840a8ea006afd3f2f0a497a4509380a9b0dd1b75d17588eb.dll,#1
  Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e901f48a33d2612840a8ea006afd3f2f0a497a4509380a9b0dd1b75d17588eb.dll,#1
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Downloads
- memory/1512-2-0x0000000000000000-mapping.dmp
- memory/1512-3-0x00000000760D1000-0x00000000760D3000-memory.dmp