60341eb69770633861e303657417e6a30c6948742291dd2e1478ca2c2c510d49 | Triage

Analysis

max time kernel
1s
max time network
48s
platform
windows7_x64
resource
win7v20210408
submitted
20-08-2021 21:40

Sharing

Report Analysis Logs

General

Target

_platform_specific/win_x86/widevinecdm.dll
Size

9.3MB
MD5

7a59d939f28964955ac301db8518861c
SHA1

e00c28f3490484cff2f27c0acea36791173e0a0f
SHA256

787294fd7fe47f7fa7f735403928eaf96e04724207891fd6db727b2a5b58d340
SHA512

4b44027d08b0990052cd9942e6b0d85a9be1b603fc36e65fad07a1df56e719efdefe16e70eda44d23e39ebf0e46a436d31139716895a3e5ceaa190286f193e0b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1752	1948	rundll32.exe	28
PID 1948 wrote to memory of 1752	1948	rundll32.exe	28
PID 1948 wrote to memory of 1752	1948	rundll32.exe	28
PID 1948 wrote to memory of 1752	1948	rundll32.exe	28
PID 1948 wrote to memory of 1752	1948	rundll32.exe	28
PID 1948 wrote to memory of 1752	1948	rundll32.exe	28
PID 1948 wrote to memory of 1752	1948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\_platform_specific\win_x86\widevinecdm.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\_platform_specific\win_x86\widevinecdm.dll,#1
  2⤵
  PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1752-61-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download