b4b367dd3b9e4a0ad65fd38d50dd5e7925e7320c45477d5e5cb7f418d96e12a7 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:38

Sharing

Report Analysis Logs

General

Target

b4b367dd3b9e4a0ad65fd38d50dd5e7925e7320c45477d5e5cb7f418d96e12a7.dll
Size

184KB
MD5

a0db8e6f654e6cf12ad424771ff55814
SHA1

db4c77c79bed908b5e42a8f766df895cfa862b2f
SHA256

b4b367dd3b9e4a0ad65fd38d50dd5e7925e7320c45477d5e5cb7f418d96e12a7
SHA512

cfea917560f5dbb076f18590006bcbfa76cacec1132d051ca35a404c3f8d7daedc7f7ae075d0ccf88ba68469b7417867ab9c0e4954ae455458f201f74c11bd3e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1864 wrote to memory of 1216	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1216	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1216	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1216	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1216	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1216	1864	rundll32.exe	rundll32.exe
PID 1864 wrote to memory of 1216	1864	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4b367dd3b9e4a0ad65fd38d50dd5e7925e7320c45477d5e5cb7f418d96e12a7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1864

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4b367dd3b9e4a0ad65fd38d50dd5e7925e7320c45477d5e5cb7f418d96e12a7.dll,#1
2⤵
PID:1216

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1216-2-0x0000000000000000-mapping.dmp

Download
memory/1216-3-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download