3d25f31dd7543a1b26a25bc18f3de2e48d44ee5b61d0c7f0ebad1c848e5e2e66 | Triage

Analysis

max time kernel
119s
max time network
134s
platform
windows7_x64
resource
win7-en-20211014
submitted
11-11-2021 13:15

Sharing

Report Analysis Logs

General

Target

1.dll
Size

13KB
MD5

529ad0ebe8403807a19bbc010689ab55
SHA1

efd93c9f0101b6841207bb65adf89e91c599eca4
SHA256

3d25f31dd7543a1b26a25bc18f3de2e48d44ee5b61d0c7f0ebad1c848e5e2e66
SHA512

df76d06e656a1fc53445bfe820920367d89fe80b7d8230cdfd6fc13c295219b479ca29a816895bd417f8800ab3e8934548eafa8bf92092fed3fea6c1bd3a1683

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

2 524 rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1100 wrote to memory of 524	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 524	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 524	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 524	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 524	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 524	1100	rundll32.exe	rundll32.exe
PID 1100 wrote to memory of 524	1100	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/524-55-0x0000000000000000-mapping.dmp

Download
memory/524-56-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download