5f49b4e7f7eb260f41776f02600f71acd1283659f3974c62af92ecdba8289d1d | Triage

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 10:02

Sharing

Report Analysis Logs

General

Target

5f49b4e7f7eb260f41776f02600f71acd1283659f3974c62af92ecdba8289d1d.dll
Size

134KB
MD5

29465a900924318d4707117e41287ff0
SHA1

9a577e5e5380b40f7d9b4a6fe5a0d8c9e400659e
SHA256

5f49b4e7f7eb260f41776f02600f71acd1283659f3974c62af92ecdba8289d1d
SHA512

19cef069614a1271b6ceebbbb435d6c746c2da32bd8caf014dcd8b3bab4af207640bac5ab2440f8dada28de45cd643e7c84b1e0c4e37df9ae407c3443e733426

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1480 wrote to memory of 1656	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 1656	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 1656	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 1656	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 1656	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 1656	1480	rundll32.exe	rundll32.exe
PID 1480 wrote to memory of 1656	1480	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f49b4e7f7eb260f41776f02600f71acd1283659f3974c62af92ecdba8289d1d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1480

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f49b4e7f7eb260f41776f02600f71acd1283659f3974c62af92ecdba8289d1d.dll,#1
2⤵
PID:1656

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-54-0x0000000075D51000-0x0000000075D53000-memory.dmp

Filesize
8KB

Download