07c57aa57cf0d081428f59e0e9fceee0df2dc2e37c2ce4b0799b6f14dc783662 | Triage

Analysis

max time kernel
32s
max time network
32s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:43

Sharing

Report Analysis Logs

General

Target

07c57aa57cf0d081428f59e0e9fceee0df2dc2e37c2ce4b0799b6f14dc783662.dll
Size

184KB
MD5

bdfd259e77807af4f5fcc9ac597fbe7c
SHA1

64a39b088e56d9c51ce255d85827603cfdee3697
SHA256

07c57aa57cf0d081428f59e0e9fceee0df2dc2e37c2ce4b0799b6f14dc783662
SHA512

ca30bc1ee2b18b1a6a4b1e65eef46917a7ab075009deccb1a2c789fc6bfaa779f110002edc94e696d0eb360be6612756e94ef04e749d833b852094482883b5e9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2044 wrote to memory of 1228	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1228	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1228	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1228	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1228	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1228	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 1228	2044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07c57aa57cf0d081428f59e0e9fceee0df2dc2e37c2ce4b0799b6f14dc783662.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07c57aa57cf0d081428f59e0e9fceee0df2dc2e37c2ce4b0799b6f14dc783662.dll,#1
2⤵
PID:1228

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1228-0-0x0000000000000000-mapping.dmp

Download
memory/1228-3-0x0000000075251000-0x0000000075253000-memory.dmp

Filesize
8KB

Download