50b3a811481295d5a9f00df228a89eb6bb56d99e313ba1fcfa4e1f606975cbc5 | Triage

Analysis

max time kernel
125s
max time network
97s
platform
windows7_x64
resource
win7v20210408
submitted
24/09/2021, 17:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Datop/test.test.dll
Size

297KB
MD5

508fb618684f3dfb732d3aa8927c69ba
SHA1

475aa7d58b285565251935c4c5982ffdb188fe8a
SHA256

db0652616b6441bd7f45f9dcc7e3d2c2cd4d75df704c9a5c334b7e9c3acc2f2f
SHA512

861e24210c1027f53a9c0ea127f7d9f22978852c2e4adc7f43e3ff00f065b341b3130f1493c475a688800cbc4d3cf3627b5c15df988676c98de86d88827104b9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2012	2020	rundll32.exe	25
PID 2020 wrote to memory of 2012	2020	rundll32.exe	25
PID 2020 wrote to memory of 2012	2020	rundll32.exe	25
PID 2020 wrote to memory of 2012	2020	rundll32.exe	25
PID 2020 wrote to memory of 2012	2020	rundll32.exe	25
PID 2020 wrote to memory of 2012	2020	rundll32.exe	25
PID 2020 wrote to memory of 2012	2020	rundll32.exe	25

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Datop\test.test.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Datop\test.test.dll,#1
  2⤵
  PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-61-0x00000000754F1000-0x00000000754F3000-memory.dmp

Filesize
8KB

Download