9826b386065f8312a7a7ef431c735a66e85a9c144692907f5909f81f837c65f4 | Triage

Analysis

max time kernel
104s
max time network
106s
platform
windows10_x64
resource
win10v20210408
submitted
26-09-2021 13:17

Sharing

Report Analysis Logs

General

Target

9826b386065f8312a7a7ef431c735a66e85a9c144692907f5909f81f837c65f4.dll
Size

194KB
MD5

193d47308a4bf33df99ab2559109019f
SHA1

6434d937f70d700a841083ea548dc02fb2e892ae
SHA256

9826b386065f8312a7a7ef431c735a66e85a9c144692907f5909f81f837c65f4
SHA512

e114e1b71b2000d1e3f9274a822d5b08298bfeb57e0f40958febe75c74736717c5c24e928b0edfb00a64f04c0a67bbc85cc4e76e65a8ea4267998006965021b9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 568 wrote to memory of 636	568	rundll32.exe	rundll32.exe
PID 568 wrote to memory of 636	568	rundll32.exe	rundll32.exe
PID 568 wrote to memory of 636	568	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9826b386065f8312a7a7ef431c735a66e85a9c144692907f5909f81f837c65f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:568

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9826b386065f8312a7a7ef431c735a66e85a9c144692907f5909f81f837c65f4.dll,#1
2⤵
PID:636

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/636-114-0x0000000000000000-mapping.dmp

Download
memory/636-115-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download