9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69 | Triage

Resubmissions

20-07-2021 12:56

210720-31gxwajb6e 10

08-04-2021 17:31

210408-v4m27pzh7n 10

Analysis

max time kernel
3s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
08-04-2021 17:31

Sharing

Report Analysis Logs

General

Target

9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69.dll
Size

140KB
MD5

e92f45e8639d751bfd6053dd9419d0b9
SHA1

794eb3a9ce8b7e5092bb1b93341a54097f5b78a9
SHA256

9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69
SHA512

1387e60f5e314bd4ff52e34cdfdc4c692b81924192588ec5b583dd3d74e0f8362a83f895b45ccca9095cea35e467d190bea3c99fe98a503b9ae0c5fee90cc380

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 1916	1092	rundll32.exe	25
PID 1092 wrote to memory of 1916	1092	rundll32.exe	25
PID 1092 wrote to memory of 1916	1092	rundll32.exe	25
PID 1092 wrote to memory of 1916	1092	rundll32.exe	25
PID 1092 wrote to memory of 1916	1092	rundll32.exe	25
PID 1092 wrote to memory of 1916	1092	rundll32.exe	25
PID 1092 wrote to memory of 1916	1092	rundll32.exe	25

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69.dll,#1
  2⤵
  PID:1916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1916-60-0x00000000760D1000-0x00000000760D3000-memory.dmp

Filesize
8KB

Download