0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050 | Triage

Analysis

max time kernel
121s
max time network
153s
platform
windows7_x64
resource
win7-en-20210920
submitted
01-11-2021 19:26

Sharing

Report Analysis Logs

General

Target

0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050.dll
Size

72KB
MD5

405edb27ffebdd2fed40d0ad833603f3
SHA1

16bf0e96fdf1c1535107cd4443300308b51e347a
SHA256

0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050
SHA512

2147db477e219a944fad0d34ba0e16c8ee986778c383c09c247fb0ebb5d5284f7ccc6a5522e68640b0f2906b4c1131603e430f3106854616d23f5d1343fe1753

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 320 wrote to memory of 940	320	rundll32.exe	rundll32.exe
PID 320 wrote to memory of 940	320	rundll32.exe	rundll32.exe
PID 320 wrote to memory of 940	320	rundll32.exe	rundll32.exe
PID 320 wrote to memory of 940	320	rundll32.exe	rundll32.exe
PID 320 wrote to memory of 940	320	rundll32.exe	rundll32.exe
PID 320 wrote to memory of 940	320	rundll32.exe	rundll32.exe
PID 320 wrote to memory of 940	320	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:320

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050.dll,#1
2⤵
PID:940

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/940-54-0x0000000000000000-mapping.dmp

Download
memory/940-55-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download