21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028 | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 10:45

Sharing

Report Analysis Logs

General

Target

21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028.dll
Size

53KB
MD5

8fef088246f4bb2e5ce12600799ddd12
SHA1

9dc3e57e33f7cbc4b0ca75b071d7bfadab509f1f
SHA256

21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028
SHA512

d591f169ffdb45f4c4da095a90038fb35bc0ac777c086ae284b851c69d5d6acf02ef9ea15600cb39ef7f9458458fdab2517d2144d9db3f2638a6a03450e591d5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1520 wrote to memory of 1684	1520	rundll32.exe	rundll32.exe
PID 1520 wrote to memory of 1684	1520	rundll32.exe	rundll32.exe
PID 1520 wrote to memory of 1684	1520	rundll32.exe	rundll32.exe
PID 1520 wrote to memory of 1684	1520	rundll32.exe	rundll32.exe
PID 1520 wrote to memory of 1684	1520	rundll32.exe	rundll32.exe
PID 1520 wrote to memory of 1684	1520	rundll32.exe	rundll32.exe
PID 1520 wrote to memory of 1684	1520	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1520

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028.dll,#1
2⤵
PID:1684

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1684-54-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download