eb2e7e5e491cfa8744e16dfdb9ff5f4270d6ef63432ea2d1ade0fb54487ef33b | Triage

Analysis

max time kernel
120s
max time network
137s
platform
windows7_x64
resource
win7-en-20211208
submitted
16-02-2022 22:33

Sharing

Report Analysis Logs

General

Target

eb2e7e5e491cfa8744e16dfdb9ff5f4270d6ef63432ea2d1ade0fb54487ef33b.dll
Size

368KB
MD5

388ad7944ffdd2e87a3b7cd178d65c86
SHA1

1407d7b934d900318a4cff58989d6534e6fcbe4a
SHA256

eb2e7e5e491cfa8744e16dfdb9ff5f4270d6ef63432ea2d1ade0fb54487ef33b
SHA512

824730e346f385404ca448eb7fe56fdf64d6645bfd6130c55867d340545ee84e4fe4f4db5ea0247a28e91298f6b3fa2ff47f9228462cb81154bc2c6a3ee301bc

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
952	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 952	1884	rundll32.exe	27
PID 1884 wrote to memory of 952	1884	rundll32.exe	27
PID 1884 wrote to memory of 952	1884	rundll32.exe	27
PID 1884 wrote to memory of 952	1884	rundll32.exe	27
PID 1884 wrote to memory of 952	1884	rundll32.exe	27
PID 1884 wrote to memory of 952	1884	rundll32.exe	27
PID 1884 wrote to memory of 952	1884	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb2e7e5e491cfa8744e16dfdb9ff5f4270d6ef63432ea2d1ade0fb54487ef33b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb2e7e5e491cfa8744e16dfdb9ff5f4270d6ef63432ea2d1ade0fb54487ef33b.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/952-54-0x0000000075AB1000-0x0000000075AB3000-memory.dmp

Filesize
8KB

Download