197fdf98c5bc6258c8d83a21082d7ce7c3ebd1267eb1cd703741859cbf1edf7e | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 10:03

Sharing

Report Analysis Logs

General

Target

197fdf98c5bc6258c8d83a21082d7ce7c3ebd1267eb1cd703741859cbf1edf7e.dll
Size

135KB
MD5

fa6898e141275b99a23c72e51b2dddb5
SHA1

767bcf82744ee6b4005edd7b06f5eccfb4b2f0c6
SHA256

197fdf98c5bc6258c8d83a21082d7ce7c3ebd1267eb1cd703741859cbf1edf7e
SHA512

b632f33f7534e4a1f7d2f35608719fa417174d75d3d1915b964837f2157b9198e01c68909f1760bbcad534a477dbc3f6b311d27a6012549fb76a16e47cb5453e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 952 wrote to memory of 1164	952	rundll32.exe	rundll32.exe
PID 952 wrote to memory of 1164	952	rundll32.exe	rundll32.exe
PID 952 wrote to memory of 1164	952	rundll32.exe	rundll32.exe
PID 952 wrote to memory of 1164	952	rundll32.exe	rundll32.exe
PID 952 wrote to memory of 1164	952	rundll32.exe	rundll32.exe
PID 952 wrote to memory of 1164	952	rundll32.exe	rundll32.exe
PID 952 wrote to memory of 1164	952	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\197fdf98c5bc6258c8d83a21082d7ce7c3ebd1267eb1cd703741859cbf1edf7e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:952

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\197fdf98c5bc6258c8d83a21082d7ce7c3ebd1267eb1cd703741859cbf1edf7e.dll,#1
2⤵
PID:1164

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1164-54-0x0000000076491000-0x0000000076493000-memory.dmp

Filesize
8KB

Download