06521c5730af4efc5e8c6d9517e6da154bc653131dc22af44271d740b45ae7eb | Triage

Analysis

max time kernel
12s
max time network
10s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 20:24

Sharing

Report Analysis Logs

General

Target

yhhljgxudqeyowcinyde44154280653/db.dll
Size

952KB
MD5

64dc543f839f52eb26f658585332b48b
SHA1

1207a7232c78c381cb6bacfa3d5485df2b5e59d3
SHA256

cd7d5c9b8ce5d3d51a813a8e957fbfbfde426f159aa584937e35a8e057b24c8e
SHA512

eb3f427e6a6ee3b4525f44ac412a2b4c64b76ac3efdaa0c2fa3f0dfbe5a1afd7052f78691ebd54c2cc0dcff02a3655b9e75b9d6de46a1bac4db38d1770e7512a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 1880	316	rundll32.exe	27
PID 316 wrote to memory of 1880	316	rundll32.exe	27
PID 316 wrote to memory of 1880	316	rundll32.exe	27
PID 316 wrote to memory of 1880	316	rundll32.exe	27
PID 316 wrote to memory of 1880	316	rundll32.exe	27
PID 316 wrote to memory of 1880	316	rundll32.exe	27
PID 316 wrote to memory of 1880	316	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\yhhljgxudqeyowcinyde44154280653\db.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\yhhljgxudqeyowcinyde44154280653\db.dll,#1
  2⤵
  PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1880-54-0x0000000076001000-0x0000000076003000-memory.dmp

Filesize
8KB

Download
memory/1880-55-0x00000000008F0000-0x00000000009E9000-memory.dmp

Filesize
996KB

Download