9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69 | Triage

Resubmissions

20-07-2021 12:56

210720-31gxwajb6e 10

08-04-2021 17:31

210408-v4m27pzh7n 10

Analysis

max time kernel
4s
max time network
13s
platform
windows7_x64
resource
win7v20210408
submitted
20-07-2021 12:56

Sharing

Report Analysis Logs

General

Target

9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69.dll
Size

140KB
MD5

e92f45e8639d751bfd6053dd9419d0b9
SHA1

794eb3a9ce8b7e5092bb1b93341a54097f5b78a9
SHA256

9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69
SHA512

1387e60f5e314bd4ff52e34cdfdc4c692b81924192588ec5b583dd3d74e0f8362a83f895b45ccca9095cea35e467d190bea3c99fe98a503b9ae0c5fee90cc380

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2000	1848	rundll32.exe	25
PID 1848 wrote to memory of 2000	1848	rundll32.exe	25
PID 1848 wrote to memory of 2000	1848	rundll32.exe	25
PID 1848 wrote to memory of 2000	1848	rundll32.exe	25
PID 1848 wrote to memory of 2000	1848	rundll32.exe	25
PID 1848 wrote to memory of 2000	1848	rundll32.exe	25
PID 1848 wrote to memory of 2000	1848	rundll32.exe	25

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69.dll,#1
  2⤵
  PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-60-0x00000000757C1000-0x00000000757C3000-memory.dmp

Filesize
8KB

Download