92773358e741e1cb54338029554204113fd1488e7ee54fb6f0ff562313fc8ec0 | Triage

Analysis

max time kernel
3s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:41

Sharing

Report Analysis Logs

General

Target

92773358e741e1cb54338029554204113fd1488e7ee54fb6f0ff562313fc8ec0.dll
Size

236KB
MD5

58d1f031b399275612762891729c55b5
SHA1

97bc8dc7cd5e965b82b9bc5ae0d65fc562a13f28
SHA256

92773358e741e1cb54338029554204113fd1488e7ee54fb6f0ff562313fc8ec0
SHA512

515e1d0ef37e36b5662940dea5b19ffca9880b61ccc30ad754e75c81c52a411c55f027297103fddec85c3928223cdc98ca2c4ffe8307f9dd6a611e12187ca043

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 644 wrote to memory of 2004	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 2004	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 2004	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 2004	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 2004	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 2004	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 2004	644	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\92773358e741e1cb54338029554204113fd1488e7ee54fb6f0ff562313fc8ec0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:644

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\92773358e741e1cb54338029554204113fd1488e7ee54fb6f0ff562313fc8ec0.dll,#1
2⤵
PID:2004

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-0-0x0000000000000000-mapping.dmp

Download
memory/2004-1-0x00000000765E1000-0x00000000765E3000-memory.dmp

Filesize
8KB

Download