a571af444e69e542754e107eb133c878a0cbea7e279c29e4961971051c8e9623 | Triage

Analysis

max time kernel
11s
max time network
49s
platform
windows7_x64
resource
win7v20210408
submitted
10-07-2021 10:36

Sharing

Report Analysis Logs

General

Target

a571af444e69e542754e107eb133c878a0cbea7e279c29e4961971051c8e9623.bin.sample.dll
Size

8.1MB
MD5

8baef83d86ced764e9c8d115b4f33742
SHA1

68c728055155e8fbf18620e233ca6cba1f1614d2
SHA256

a571af444e69e542754e107eb133c878a0cbea7e279c29e4961971051c8e9623
SHA512

d4e50da2d91546a0ac11a7bac2782b0ea31d0ca3b3b12930f21e42447f5b5e7f4eea125a525597da7b481fcf9b75ff5ad10578b90b0805ce0e5f6dbd86134378

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1976 wrote to memory of 1116	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 1116	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 1116	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 1116	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 1116	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 1116	1976	rundll32.exe	rundll32.exe
PID 1976 wrote to memory of 1116	1976	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a571af444e69e542754e107eb133c878a0cbea7e279c29e4961971051c8e9623.bin.sample.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a571af444e69e542754e107eb133c878a0cbea7e279c29e4961971051c8e9623.bin.sample.dll,#1
2⤵
PID:1116

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1116-60-0x0000000000000000-mapping.dmp

Download
memory/1116-61-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download