9fe0c3264f1d2d988f1f8065becce847dcdba00c8e268c112f800feb9ae9e899 | Triage

Analysis

max time kernel
4264965s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
17-01-2022 13:58

Sharing

Report Analysis Logs

General

Target

e7e9ac9bbc69589e627f913f8605938b96afd929ebc974ffa0955598d19498d1.dll
Size

756KB
MD5

acdcd26de7e78893c0b6861316721469
SHA1

2f8716ea8f2747f7fdac054ec58644d6a3a175a4
SHA256

e7e9ac9bbc69589e627f913f8605938b96afd929ebc974ffa0955598d19498d1
SHA512

84c29ce85551beda34e86c56da1d0a2a97f080b0073de679183eb5a1493c3a2bd760d414526f43643ec9689a3a010ed357e9428d4bd18c08cc664c9903f00aa7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3828 wrote to memory of 1784	3828	rundll32.exe	rundll32.exe
PID 3828 wrote to memory of 1784	3828	rundll32.exe	rundll32.exe
PID 3828 wrote to memory of 1784	3828	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7e9ac9bbc69589e627f913f8605938b96afd929ebc974ffa0955598d19498d1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3828

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7e9ac9bbc69589e627f913f8605938b96afd929ebc974ffa0955598d19498d1.dll,#1
2⤵
PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-131-0x0000000000000000-mapping.dmp

Download