8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0 | Triage

Analysis

max time kernel
5s
max time network
114s
platform
windows7_x64
resource
win7v20210408
submitted
15-06-2021 11:19

Sharing

Report Analysis Logs

General

Target

8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0.bin.sample.dll
Size

119KB
MD5

741a67164cae752512afe51a9e3a8acd
SHA1

f47e11135534cc7c1af923f3f351471278ed60aa
SHA256

8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0
SHA512

175142b22d473cdd7b2a41e0284b7140e299985e7ac27cd2dbf8c312f0cd6b52de2be96939bb3d4eb0b7a5e3af6577b5f76242f7d13ca91d8bbaf47b5faaec1c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1824 wrote to memory of 2040	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 2040	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 2040	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 2040	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 2040	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 2040	1824	rundll32.exe	rundll32.exe
PID 1824 wrote to memory of 2040	1824	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0.bin.sample.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1824

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0.bin.sample.dll,#1
2⤵
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-60-0x0000000000000000-mapping.dmp

Download
memory/2040-61-0x0000000075801000-0x0000000075803000-memory.dmp

Filesize
8KB

Download