27f4da05b6a48dcaae5d957a2db822140dfc900066083694bae12925d5b725c8 | Triage

Analysis

max time kernel
4s
max time network
8s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
18-01-2022 14:26

Sharing

Report Analysis Logs

General

Target

stage2.bin.dll
Size

638KB
MD5

47200ffbb26a2c84b32e7d4e4d719e8c
SHA1

aba1a3188755d27187bff4e6d674597a7b4ea63a
SHA256

27f4da05b6a48dcaae5d957a2db822140dfc900066083694bae12925d5b725c8
SHA512

ea3619ad0f590b86a0751e89013f0cf0293f42871f7246e84867435323b3d092875bff28f170cdfdbf5109af1c3ac53000ad44c51d44e2bd735ff2a4cd4bec5d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1748 wrote to memory of 3968	1748	rundll32.exe	rundll32.exe
PID 1748 wrote to memory of 3968	1748	rundll32.exe	rundll32.exe
PID 1748 wrote to memory of 3968	1748	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\stage2.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1748

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\stage2.bin.dll,#1
2⤵
PID:3968

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...