df60102fff5974a55fb6d5f4683f2565b347a0412492514e07be9b03c7c856b7 | Triage

Resubmissions

17-11-2023 10:10

231117-l7lv5ahg41 3

12-10-2021 17:50

211012-weydkachb3 10

04-10-2021 13:08

211004-qdgrjagden 10

Analysis

max time kernel
146s
max time network
130s
platform
windows7_x64
resource
win7-en-20210920
submitted
04-10-2021 13:08

Sharing

Report Analysis Logs

General

Target

df60102fff5974a55fb6d5f4683f2565b347a0412492514e07be9b03c7c856b7.dll
Size

660KB
MD5

ab756f154d266c8ba19bdfa8bcaf1b73
SHA1

3f174379229f9607c4be034cb545c9b4492ec9f5
SHA256

df60102fff5974a55fb6d5f4683f2565b347a0412492514e07be9b03c7c856b7
SHA512

19512e303fd7e65a5b4c78decb3c05b13a8b06f281f936a1e9e69a82b0e1c34d4173e59a2644c38f1c80a4974e4fcdc40c84c1c073cdc47932f525426b3db9b8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1324 wrote to memory of 1256	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1256	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1256	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1256	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1256	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1256	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1256	1324	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df60102fff5974a55fb6d5f4683f2565b347a0412492514e07be9b03c7c856b7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df60102fff5974a55fb6d5f4683f2565b347a0412492514e07be9b03c7c856b7.dll,#1
2⤵
PID:1256

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1256-54-0x0000000000000000-mapping.dmp

Download
memory/1256-55-0x0000000075661000-0x0000000075663000-memory.dmp

Filesize
8KB

Download