f0c14a1a0525577bbc3c75e57003ddb6ec7b776f5eb06e03eb30036576ae56a1 | Triage

Analysis

max time kernel
2s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:41

Sharing

Report Analysis Logs

General

Target

f0c14a1a0525577bbc3c75e57003ddb6ec7b776f5eb06e03eb30036576ae56a1.dll
Size

236KB
MD5

c4f48e25bb35b84ff558d8142bde78ff
SHA1

22d702d5d2a28416b364f42ee1bf3dc6392a46a2
SHA256

f0c14a1a0525577bbc3c75e57003ddb6ec7b776f5eb06e03eb30036576ae56a1
SHA512

8229a94424dd728f922e2e75b4db26efa6530a3a297c113602fdf6398f91a853c21a9566f12dd4fc0171372842ee2faed54be6db4738e5b6bdc7fd3f7338e936

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1636 wrote to memory of 1144	1636	rundll32.exe	rundll32.exe
PID 1636 wrote to memory of 1144	1636	rundll32.exe	rundll32.exe
PID 1636 wrote to memory of 1144	1636	rundll32.exe	rundll32.exe
PID 1636 wrote to memory of 1144	1636	rundll32.exe	rundll32.exe
PID 1636 wrote to memory of 1144	1636	rundll32.exe	rundll32.exe
PID 1636 wrote to memory of 1144	1636	rundll32.exe	rundll32.exe
PID 1636 wrote to memory of 1144	1636	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0c14a1a0525577bbc3c75e57003ddb6ec7b776f5eb06e03eb30036576ae56a1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0c14a1a0525577bbc3c75e57003ddb6ec7b776f5eb06e03eb30036576ae56a1.dll,#1
2⤵
PID:1144

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1144-2-0x0000000000000000-mapping.dmp

Download
memory/1144-3-0x00000000761E1000-0x00000000761E3000-memory.dmp

Filesize
8KB

Download