a79eb0d2f4779168d16d1a40eb7ed4c32c5369974ab80751ae1f171b3acd6425 | Triage

Analysis

max time kernel
37s
max time network
36s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:38

Sharing

Report Analysis Logs

General

Target

a79eb0d2f4779168d16d1a40eb7ed4c32c5369974ab80751ae1f171b3acd6425.dll
Size

184KB
MD5

baec0cfb59a5bc857cd8e918bee278c6
SHA1

911a6e5307a3ae61d347a8f940cb988f1d9b8fa1
SHA256

a79eb0d2f4779168d16d1a40eb7ed4c32c5369974ab80751ae1f171b3acd6425
SHA512

017e5f784bc59b3c032375cba9a1cbfccb00a9f0f11cea85d7509ac3f859315ce42872b00b3de6df4eca500a77afba3756f02c01d4e1f71606433f16e5c0095f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1812 wrote to memory of 1288	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1288	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1288	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1288	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1288	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1288	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1288	1812	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a79eb0d2f4779168d16d1a40eb7ed4c32c5369974ab80751ae1f171b3acd6425.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1812

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a79eb0d2f4779168d16d1a40eb7ed4c32c5369974ab80751ae1f171b3acd6425.dll,#1
2⤵
PID:1288

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1288-2-0x0000000000000000-mapping.dmp

Download
memory/1288-3-0x0000000076241000-0x0000000076243000-memory.dmp

Filesize
8KB

Download