5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2 | Triage

Analysis

max time kernel
55s
max time network
14s
platform
windows7_x64
resource
win7-en-20211208
submitted
24-01-2022 02:00

Sharing

Report Analysis Logs

General

Target

5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2.dll
Size

164KB
MD5

8b24ea434d60f99e1ff50810fb8d28da
SHA1

259f3974763f09d57129b3881b427fd9d30358d8
SHA256

5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2
SHA512

aed4d982bc7b4513abf5ba237f562cca1332a2997c8826c81a262fddd64de9074f073f88aecd03ae901d58f9e677cdf5c59f61222606fa5e7da20ade96776371

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1796 wrote to memory of 1896	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1896	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1896	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1896	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1896	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1896	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1896	1796	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1796

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2.dll,#1
2⤵
PID:1896

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1896-54-0x0000000076C61000-0x0000000076C63000-memory.dmp

Filesize
8KB

Download