5de080d72dacb9cb2611eb19e8c001e9d2e1985ab4274c87ba81665e6b7407ec | Triage

Analysis

max time kernel
5s
max time network
12s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:38

Sharing

Report Analysis Logs

General

Target

5de080d72dacb9cb2611eb19e8c001e9d2e1985ab4274c87ba81665e6b7407ec.dll
Size

184KB
MD5

7fe27e9b1e7954b4b33bcb508c4f0d43
SHA1

0b555b8dcfceee24b98ae1d9995697f68471bf20
SHA256

5de080d72dacb9cb2611eb19e8c001e9d2e1985ab4274c87ba81665e6b7407ec
SHA512

2983c4f7bf1f2ef9ae73a933db9f9b19d26f752a0b75dd287cd1a3649b78cd69ab670b8b2c4c4d904c754f2217d20d964f4244ca0f1c7822c01d4a02bbb1b43f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1616 wrote to memory of 2016	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2016	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2016	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2016	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2016	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2016	1616	rundll32.exe	rundll32.exe
PID 1616 wrote to memory of 2016	1616	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5de080d72dacb9cb2611eb19e8c001e9d2e1985ab4274c87ba81665e6b7407ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5de080d72dacb9cb2611eb19e8c001e9d2e1985ab4274c87ba81665e6b7407ec.dll,#1
2⤵
PID:2016

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-2-0x0000000000000000-mapping.dmp

Download
memory/2016-3-0x00000000765A1000-0x00000000765A3000-memory.dmp

Filesize
8KB

Download