690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87.bin

General
Target

690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87.bin.dll

Filesize

34KB

Completed

27-07-2021 22:13

Score
1/10
MD5

1ca0fbd832f9f7cdc0e50b29bd0d970f

SHA1

9be6a2bc9df78f4566e5690e2f1bb696ae96cb48

SHA256

690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87

Malware Config
Signatures 1


  • Suspicious use of WriteProcessMemory
    rundll32.exe

    Reported IOCs

    description                        pid    process        target process
    PID 2752 wrote to memory of 3972   2752   rundll32.exe   rundll32.exe
    PID 2752 wrote to memory of 3972   2752   rundll32.exe   rundll32.exe
    PID 2752 wrote to memory of 3972   2752   rundll32.exe   rundll32.exe
Processes 2
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87.bin.dll,#1
    Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\690c488a9902978f2ef05aa23d21f4fa30a52dd9d11191f9b49667cd08618d87.bin.dll,#1
      PID:3972
Network
MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Downloads
  • memory/3972-114-0x0000000000000000-mapping.dmp