88edb9fd9a15da9b29671b79314a83a26622102dd69fe82bc5fdda3abbfb73f6 | Triage

Resubmissions

26-09-2021 13:12

210926-qfpvxseggj 7

26-09-2021 13:09

210926-qd3zrsehd4 1

Analysis

max time kernel
74s
max time network
15s
platform
windows7_x64
resource
win7-en-20210920
submitted
26-09-2021 13:09

Sharing

Report Analysis Logs

General

Target

88edb9fd9a15da9b29671b79314a83a26622102dd69fe82bc5fdda3abbfb73f6.dll
Size

274KB
MD5

8f5524d454be8615579d44504d038061
SHA1

f71457d914864ba35a20ad6cbc7554bd3213f8aa
SHA256

88edb9fd9a15da9b29671b79314a83a26622102dd69fe82bc5fdda3abbfb73f6
SHA512

a5e44b8e265bce54bbbb6ff890c2aa8cbe0d5c51819b358f93e74e96d851c6be2dd786cb8dc78fb5299123e50f47a2cea49d66e0f85bea805f722a1e30ecdad3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1044 wrote to memory of 2044	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 2044	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 2044	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 2044	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 2044	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 2044	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 2044	1044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\88edb9fd9a15da9b29671b79314a83a26622102dd69fe82bc5fdda3abbfb73f6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\88edb9fd9a15da9b29671b79314a83a26622102dd69fe82bc5fdda3abbfb73f6.dll,#1
2⤵
PID:2044

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-53-0x0000000000000000-mapping.dmp

Download
memory/2044-54-0x0000000075871000-0x0000000075873000-memory.dmp

Filesize
8KB

Download
memory/2044-55-0x0000000000250000-0x0000000000298000-memory.dmp

Filesize
288KB

Download