0be2467c140a096809775cd9e279f0c0a6d629a73ce666e4ac5205e387e5d0ba | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-en-20211014
submitted
13-11-2021 17:35

Sharing

Report Analysis Logs

General

Target

0be2467c140a096809775cd9e279f0c0a6d629a73ce666e4ac5205e387e5d0ba.dll
Size

66KB
MD5

159f694415b8ef42a8b1073d28531b78
SHA1

bfa3ffe1fa960a42789cae49acee18cfb6844c04
SHA256

0be2467c140a096809775cd9e279f0c0a6d629a73ce666e4ac5205e387e5d0ba
SHA512

40a1720ad7ede3bd4c203a6702691e97c51bfd4797f9df84bae3a36733ac64e6c6e828be9617618db6b50ffed957ce6a0e0eee5b44f8f5b22bd71cf4bea12150

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 1284	1088	rundll32.exe	27
PID 1088 wrote to memory of 1284	1088	rundll32.exe	27
PID 1088 wrote to memory of 1284	1088	rundll32.exe	27
PID 1088 wrote to memory of 1284	1088	rundll32.exe	27
PID 1088 wrote to memory of 1284	1088	rundll32.exe	27
PID 1088 wrote to memory of 1284	1088	rundll32.exe	27
PID 1088 wrote to memory of 1284	1088	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0be2467c140a096809775cd9e279f0c0a6d629a73ce666e4ac5205e387e5d0ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0be2467c140a096809775cd9e279f0c0a6d629a73ce666e4ac5205e387e5d0ba.dll,#1
  2⤵
  PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1284-56-0x0000000075D31000-0x0000000075D33000-memory.dmp

Filesize
8KB

Download