9f948ac0dd82ec3d09e69cb664f15792a9967760c97ff9d59242edc13b348db9 | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7v20210410
submitted
16-05-2021 04:34

Sharing

Report Analysis Logs

General

Target

9f948ac0dd82ec3d09e69cb664f15792a9967760c97ff9d59242edc13b348db9.dll
Size

1.2MB
MD5

6e6e3a07a0ed94b196976ba37a073c80
SHA1

9f61308e4636711eb317f622b5e596e972857a33
SHA256

9f948ac0dd82ec3d09e69cb664f15792a9967760c97ff9d59242edc13b348db9
SHA512

e5645e67823b64dd2e45e00e2ecf2bed5ff1bd5469dd25538744e22ad9d0dc4f2d80ee01d8d5deb6aa31cc02736f944c2ed47f787f96580b6423fce016674f01

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1640 wrote to memory of 2040	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 2040	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 2040	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 2040	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 2040	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 2040	1640	rundll32.exe	rundll32.exe
PID 1640 wrote to memory of 2040	1640	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f948ac0dd82ec3d09e69cb664f15792a9967760c97ff9d59242edc13b348db9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1640

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f948ac0dd82ec3d09e69cb664f15792a9967760c97ff9d59242edc13b348db9.dll,#1
2⤵
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-59-0x0000000000000000-mapping.dmp

Download
memory/2040-60-0x0000000075631000-0x0000000075633000-memory.dmp

Filesize
8KB

Download