470dc4e56a42293f7c637252006cf961f10e1d1daded14a3751efbe91397dc23 | Triage

Analysis

max time kernel
3s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:39

Sharing

Report Analysis Logs

General

Target

470dc4e56a42293f7c637252006cf961f10e1d1daded14a3751efbe91397dc23.dll
Size

184KB
MD5

26afd03dc3a20ddd6e63a0f69d863bef
SHA1

994bb5df31011eb297b3e9fa2a6d4873aefc4b64
SHA256

470dc4e56a42293f7c637252006cf961f10e1d1daded14a3751efbe91397dc23
SHA512

2d01cc0a3fb441c951b413d21a38b7433397ae329b28fe2e1282cfd4830679194930197532030c7d1f131b00c310ab274b9e79e6d3098d5eaa7cf9781b3e099d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 544 wrote to memory of 1876	544	rundll32.exe	rundll32.exe
PID 544 wrote to memory of 1876	544	rundll32.exe	rundll32.exe
PID 544 wrote to memory of 1876	544	rundll32.exe	rundll32.exe
PID 544 wrote to memory of 1876	544	rundll32.exe	rundll32.exe
PID 544 wrote to memory of 1876	544	rundll32.exe	rundll32.exe
PID 544 wrote to memory of 1876	544	rundll32.exe	rundll32.exe
PID 544 wrote to memory of 1876	544	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\470dc4e56a42293f7c637252006cf961f10e1d1daded14a3751efbe91397dc23.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:544

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\470dc4e56a42293f7c637252006cf961f10e1d1daded14a3751efbe91397dc23.dll,#1
2⤵
PID:1876

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1876-2-0x0000000000000000-mapping.dmp

Download
memory/1876-3-0x0000000076881000-0x0000000076883000-memory.dmp

Filesize
8KB

Download