d9c690d50ba6f0e1c473a5583625d7c65e3305c6986321224bf6957e765adfda | Triage

Analysis

max time kernel
23s
max time network
26s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:37

Sharing

Report Analysis Logs

General

Target

d9c690d50ba6f0e1c473a5583625d7c65e3305c6986321224bf6957e765adfda.dll
Size

184KB
MD5

6b4719b51b8c5555726af0912957ee07
SHA1

b1945b6d2f6b4fe32363a2340a457e07396b36cd
SHA256

d9c690d50ba6f0e1c473a5583625d7c65e3305c6986321224bf6957e765adfda
SHA512

0ae086d1ce277945a8437a27235daf45fd7b177da4526637c9c75ac75714aa82e50a2706e5f4fcfffa7dc23081e633179e2d21e13c58b272aea3334a4f855e06

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2008 wrote to memory of 904	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 904	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 904	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 904	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 904	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 904	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 904	2008	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9c690d50ba6f0e1c473a5583625d7c65e3305c6986321224bf6957e765adfda.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9c690d50ba6f0e1c473a5583625d7c65e3305c6986321224bf6957e765adfda.dll,#1
2⤵
PID:904

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/904-2-0x0000000000000000-mapping.dmp

Download
memory/904-3-0x0000000075EA1000-0x0000000075EA3000-memory.dmp

Filesize
8KB

Download