4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-en-20211208
submitted
27-12-2021 09:13

Sharing

Report Analysis Logs

General

Target

tmp/4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d.exe.dll
Size

132KB
MD5

7eff73c1b8448ce059f5b3be69ca05ca
SHA1

e7e851d35d466ce5302531749df6bcc8dcb46d6d
SHA256

4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d
SHA512

da95c4518f109ef36ff09f7f468f8afc92f44686346ee0546be276fb9d77cecba7c60955d1a4ed170c7446bdd40fd0791ceb57e77531f13f1e33f221aec72b38

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1564 wrote to memory of 1552	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1552	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1552	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1552	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1552	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1552	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1552	1564	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp\4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1564

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp\4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d.exe.dll,#1
2⤵
PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1552-55-0x0000000000000000-mapping.dmp

Download
memory/1552-56-0x00000000756C1000-0x00000000756C3000-memory.dmp

Filesize
8KB

Download