85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939 | Triage

Resubmissions

21-09-2021 13:35

210921-qvmdcacceq 10

16-09-2021 14:37

210916-ry5vjagdhr 8

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-en
submitted
16-09-2021 14:37

Sharing

Report Analysis Logs

General

Target

www1.dll
Size

316KB
MD5

5ec89ea30af2cc38ae183d12ffacbcf7
SHA1

bee82e104c1082442c7ff029b2781a04a3e80cd5
SHA256

85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939
SHA512

7e25703e68ec87d1da4b8d5f2bfe4e1e09b6bd88bb3e662b82cda77496badd5c6c1b3685ade9c4d4a100fb43972d3356bb22c7089a4edc2e1c174aa3fbf639cf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 1680	1816	rundll32.exe	26
PID 1816 wrote to memory of 1680	1816	rundll32.exe	26
PID 1816 wrote to memory of 1680	1816	rundll32.exe	26
PID 1816 wrote to memory of 1680	1816	rundll32.exe	26
PID 1816 wrote to memory of 1680	1816	rundll32.exe	26
PID 1816 wrote to memory of 1680	1816	rundll32.exe	26
PID 1816 wrote to memory of 1680	1816	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\www1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\www1.dll,#1
  2⤵
  PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-54-0x0000000075AA1000-0x0000000075AA3000-memory.dmp

Filesize
8KB

Download
memory/1680-56-0x0000000074D00000-0x0000000074D62000-memory.dmp

Filesize
392KB

Download
memory/1680-55-0x0000000074D00000-0x0000000074D11000-memory.dmp

Filesize
68KB

Download
memory/1680-57-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download