12108d5a8e0e5567400e3bfed061aef2dd77961afb49683ced1f4105da1dc530 | Triage

Analysis

max time kernel
40s
max time network
39s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:38

Sharing

Report Analysis Logs

General

Target

12108d5a8e0e5567400e3bfed061aef2dd77961afb49683ced1f4105da1dc530.dll
Size

184KB
MD5

f10a322e3dd5128ed4977f70a86aa070
SHA1

8ec3ce47b9b9c18afeab7f83156bec8b028faa57
SHA256

12108d5a8e0e5567400e3bfed061aef2dd77961afb49683ced1f4105da1dc530
SHA512

8d905d54acf1753fb8f956270966e927a722ef3ee8b7c28109e4d8eb13436cd26a7264cb649e49e173550d0c75cd4de9876b008c770f1de31df2d9d5648b9f1c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1940 wrote to memory of 2040	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2040	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2040	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2040	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2040	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2040	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2040	1940	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12108d5a8e0e5567400e3bfed061aef2dd77961afb49683ced1f4105da1dc530.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12108d5a8e0e5567400e3bfed061aef2dd77961afb49683ced1f4105da1dc530.dll,#1
2⤵
PID:2040

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-2-0x0000000000000000-mapping.dmp

Download
memory/2040-3-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download