394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1 | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-en-20211208
submitted
24-12-2021 11:10

Sharing

Report Analysis Logs

General

Target

394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll
Size

5KB
MD5

d56443c835e68547256b2b8ce64fcd73
SHA1

ca817b7459c98c25a5d845f8734d3227430520b3
SHA256

394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1
SHA512

aae457f9b572c985e0fdd2c5d47ff3b5dae05211e53e693f261abee6c5a3ef71a02521250b19f606099e3c4e4f07ac0c7440b9a118fa075de9cd0a06f970936d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1600 wrote to memory of 1656	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1656	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1656	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1656	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1656	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1656	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 1656	1600	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll,#1
2⤵
PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-55-0x0000000000000000-mapping.dmp

Download
memory/1656-56-0x0000000075801000-0x0000000075803000-memory.dmp

Filesize
8KB

Download