cd9faa5dd13494bedf249395430e81f48325403403b59f319f36876c10170103 | Triage

Analysis

max time kernel
5s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
08-04-2021 08:02

Sharing

Report Analysis Logs

General

Target

c1c6e422f9ffc4da10928229be0f49c0.dll
Size

128KB
MD5

c1c6e422f9ffc4da10928229be0f49c0
SHA1

7604e58ff90d4096ae24f40550d9dee76995ca02
SHA256

cd9faa5dd13494bedf249395430e81f48325403403b59f319f36876c10170103
SHA512

af239504abb8b77f4a2023eb224e68766f06a7a932549b45ad8088418db5fbfa05d383bf35b3800d47fae57a2d276485f51da23c19f2bce3a71035bb1116c686

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1084 wrote to memory of 1984	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1984	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1984	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1984	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1984	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1984	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1984	1084	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1c6e422f9ffc4da10928229be0f49c0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1084

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1c6e422f9ffc4da10928229be0f49c0.dll,#1
2⤵
PID:1984

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1984-60-0x0000000000000000-mapping.dmp

Download
memory/1984-61-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download