a7851fc690ef45d45b1d74148d2c775168b55353c778897b7d0388fb140dd59a | Triage

Analysis

max time kernel
74s
max time network
31s
platform
windows7_x64
resource
win7-en-20210916
submitted
19-09-2021 01:24

Sharing

Report Analysis Logs

General

Target

4b20000.dll
Size

42KB
MD5

0a8475321957e6afe4762f84717db4df
SHA1

68fe53e05f442196f7895098f96b633000d64e5a
SHA256

a7851fc690ef45d45b1d74148d2c775168b55353c778897b7d0388fb140dd59a
SHA512

b0e5599131566fe802a0a036bf8b84b7a364c15c21f2a774760aa6a1f72a8174291bf60a29a73164ef22d02737ecf68c2a9a72e7af58cf1c845ded59d9f25016

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 968 wrote to memory of 520	968	rundll32.exe	rundll32.exe
PID 968 wrote to memory of 520	968	rundll32.exe	rundll32.exe
PID 968 wrote to memory of 520	968	rundll32.exe	rundll32.exe
PID 968 wrote to memory of 520	968	rundll32.exe	rundll32.exe
PID 968 wrote to memory of 520	968	rundll32.exe	rundll32.exe
PID 968 wrote to memory of 520	968	rundll32.exe	rundll32.exe
PID 968 wrote to memory of 520	968	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b20000.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:968

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b20000.dll,#1
2⤵
PID:520

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/520-54-0x0000000000000000-mapping.dmp

Download
memory/520-55-0x00000000759B1000-0x00000000759B3000-memory.dmp

Filesize
8KB

Download