4a17ba3c9d23d3b88fe2c87cfbfa1d09becfc57663ec1871e87b52ab96c16ccc | Triage

Analysis

max time kernel
121s
max time network
144s
platform
windows7_x64
resource
win7-en-20211014
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

4a17ba3c9d23d3b88fe2c87cfbfa1d09becfc57663ec1871e87b52ab96c16ccc.dll
Size

72KB
MD5

a0236a1281f115b509c1cfed29e1da6c
SHA1

ebe16eadf9d1ba199f59e45626bb07c38be39f45
SHA256

4a17ba3c9d23d3b88fe2c87cfbfa1d09becfc57663ec1871e87b52ab96c16ccc
SHA512

1266dcfed2c9ed6dedf98c66770fd3c2dc5a18793fb872e2f70ba5d3575c0e3330084b635090efad4c194f39dd02db360fae4b9ea8f6f832a382defcb6c5c9fe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 828	2004	rundll32.exe	27
PID 2004 wrote to memory of 828	2004	rundll32.exe	27
PID 2004 wrote to memory of 828	2004	rundll32.exe	27
PID 2004 wrote to memory of 828	2004	rundll32.exe	27
PID 2004 wrote to memory of 828	2004	rundll32.exe	27
PID 2004 wrote to memory of 828	2004	rundll32.exe	27
PID 2004 wrote to memory of 828	2004	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a17ba3c9d23d3b88fe2c87cfbfa1d09becfc57663ec1871e87b52ab96c16ccc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a17ba3c9d23d3b88fe2c87cfbfa1d09becfc57663ec1871e87b52ab96c16ccc.dll,#1
  2⤵
  PID:828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/828-56-0x0000000076231000-0x0000000076233000-memory.dmp

Filesize
8KB

Download