77068f0e1f215ff92cda33dcbcfa37bee083c0fd8243c074d68cb13932647f54 | Triage

Analysis

max time kernel
5s
max time network
14s
platform
windows7_x64
resource
win7v20210410
submitted
10-07-2021 10:37

Sharing

Report Analysis Logs

General

Target

77068f0e1f215ff92cda33dcbcfa37bee083c0fd8243c074d68cb13932647f54.bin.sample.dll
Size

8.2MB
MD5

93b6be42206659294f67a83285328eaf
SHA1

17ff1b25fd647c2b2a026ff8044784a7dc29da6b
SHA256

77068f0e1f215ff92cda33dcbcfa37bee083c0fd8243c074d68cb13932647f54
SHA512

1377ac279fb6a12cce9ca2d63caa16ae0f8c64ebc29fd38f28ee9f29ab076c07a5f34bcf2e44a0c753fbf82554d0bfc171b02a8e5eba0249657377ed85460aa4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1200 wrote to memory of 1528	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1528	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1528	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1528	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1528	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1528	1200	rundll32.exe	rundll32.exe
PID 1200 wrote to memory of 1528	1200	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77068f0e1f215ff92cda33dcbcfa37bee083c0fd8243c074d68cb13932647f54.bin.sample.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1200

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77068f0e1f215ff92cda33dcbcfa37bee083c0fd8243c074d68cb13932647f54.bin.sample.dll,#1
2⤵
PID:1528

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1528-60-0x0000000000000000-mapping.dmp

Download
memory/1528-61-0x00000000768B1000-0x00000000768B3000-memory.dmp

Filesize
8KB

Download