85271f44efa8a118a5e6a96162fd936b8437b35e00bc427a2bb50d95a729be9d | Triage

Analysis

max time kernel
3s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
02-03-2021 14:01

Sharing

Report Analysis Logs

General

Target

85271f44efa8a118a5e6a96162fd936b8437b35e00bc427a2bb50d95a729be9d.dll
Size

3.9MB
MD5

803083b834c675456df109850c872306
SHA1

817f3552d1e0ae1e4da3d05487ae84bfd1931285
SHA256

85271f44efa8a118a5e6a96162fd936b8437b35e00bc427a2bb50d95a729be9d
SHA512

55395a2b410e704c1cd2006aa89c9679fa06fb9805bbdfc6f061b4e031f6c0561ee867d46463b366e625672f48fe8aec1aebd14302ab9cefc1df613e3503203f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1684 wrote to memory of 1972	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1972	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1972	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1972	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1972	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1972	1684	rundll32.exe	rundll32.exe
PID 1684 wrote to memory of 1972	1684	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85271f44efa8a118a5e6a96162fd936b8437b35e00bc427a2bb50d95a729be9d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85271f44efa8a118a5e6a96162fd936b8437b35e00bc427a2bb50d95a729be9d.dll,#1
2⤵
PID:1972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-2-0x0000000000000000-mapping.dmp

Download
memory/1972-3-0x00000000756A1000-0x00000000756A3000-memory.dmp

Filesize
8KB

Download