5f6a9a44da8044f5babb0467bd6a92467b5d2b83cf99b2d6ce4c023f07fa6de1 | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:42

Sharing

Report Analysis Logs

General

Target

5f6a9a44da8044f5babb0467bd6a92467b5d2b83cf99b2d6ce4c023f07fa6de1.dll
Size

236KB
MD5

1d10764dc5d7ef6779d7de0260586848
SHA1

844da9292729969d262fdacd3f326e86e1bcec46
SHA256

5f6a9a44da8044f5babb0467bd6a92467b5d2b83cf99b2d6ce4c023f07fa6de1
SHA512

9613784d489291fc26991d0a86edb99b4241eff6d246dc0e5aa12b1868d8879ecea1fe839e4860764e7149fd285e269595113ea5aa53a9a3e432794f6fab3cbf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 792 wrote to memory of 2004	792	rundll32.exe	rundll32.exe
PID 792 wrote to memory of 2004	792	rundll32.exe	rundll32.exe
PID 792 wrote to memory of 2004	792	rundll32.exe	rundll32.exe
PID 792 wrote to memory of 2004	792	rundll32.exe	rundll32.exe
PID 792 wrote to memory of 2004	792	rundll32.exe	rundll32.exe
PID 792 wrote to memory of 2004	792	rundll32.exe	rundll32.exe
PID 792 wrote to memory of 2004	792	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f6a9a44da8044f5babb0467bd6a92467b5d2b83cf99b2d6ce4c023f07fa6de1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:792

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f6a9a44da8044f5babb0467bd6a92467b5d2b83cf99b2d6ce4c023f07fa6de1.dll,#1
2⤵
PID:2004

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-2-0x0000000000000000-mapping.dmp

Download
memory/2004-3-0x0000000076861000-0x0000000076863000-memory.dmp

Filesize
8KB

Download