7b97fd1218c37c7014a6aef117927cb36f848ad93d53c408e6c080d0cf0aec27 | Triage

Analysis

max time kernel
83s
max time network
82s
platform
windows7_x64
resource
win7v20201028
submitted
01-03-2021 18:01

Sharing

Report Analysis Logs

General

Target

7b97fd1218c37c7014a6aef117927cb36f848ad93d53c408e6c080d0cf0aec27.bin.dll
Size

115KB
MD5

803ce5006616c1343e73ce4500a2b3e2
SHA1

0634757441799167f618d1ede75abe95c20765c0
SHA256

7b97fd1218c37c7014a6aef117927cb36f848ad93d53c408e6c080d0cf0aec27
SHA512

8b549e55e270bc2ede09332faed4e2a98e47ec6afcb32d0c41cff338f9892d103a1924ba2af9d1c0129b2f65e750e9ec6bfdc37657c67ac72000f2898b301200

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1648 wrote to memory of 1100	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1100	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1100	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1100	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1100	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1100	1648	rundll32.exe	rundll32.exe
PID 1648 wrote to memory of 1100	1648	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b97fd1218c37c7014a6aef117927cb36f848ad93d53c408e6c080d0cf0aec27.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b97fd1218c37c7014a6aef117927cb36f848ad93d53c408e6c080d0cf0aec27.bin.dll,#1
2⤵
PID:1100

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1100-2-0x0000000000000000-mapping.dmp

Download
memory/1100-3-0x0000000074D11000-0x0000000074D13000-memory.dmp

Filesize
8KB

Download