af89d85a3b579ac754850bd6e52e7516c2e63141107001463486cd01bc175052 | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-en-20211104
submitted
11-11-2021 14:19

Sharing

Report Analysis Logs

General

Target

af89d85a3b579ac754850bd6e52e7516c2e63141107001463486cd01bc175052.bin.dll
Size

695KB
MD5

badf8311607462f3d4efa6363443e082
SHA1

7897acc34f327eb8da08f4ac1c1faeb5188ff276
SHA256

af89d85a3b579ac754850bd6e52e7516c2e63141107001463486cd01bc175052
SHA512

1b50f6686d70cd53caf74457727daf441ba4a08ef40e2c50a3d6045ad2f5aaf91080ca83da997751a7d82a9db0b681ae56ce5f315ae2adda35a7778e4b780b7f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1280 wrote to memory of 524	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 524	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 524	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 524	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 524	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 524	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 524	1280	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af89d85a3b579ac754850bd6e52e7516c2e63141107001463486cd01bc175052.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1280

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af89d85a3b579ac754850bd6e52e7516c2e63141107001463486cd01bc175052.bin.dll,#1
2⤵
PID:524

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/524-55-0x0000000000000000-mapping.dmp

Download
memory/524-56-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download
memory/524-57-0x0000000001CD0000-0x000000000210D000-memory.dmp

Filesize
4.2MB

Download