f832c39ea27975ce3cb9fb60b6369274afd59b732a04624787cb820e0b52cee2 | Triage

Analysis

max time kernel
114s
max time network
120s
platform
windows7_x64
resource
win7
submitted
30-06-2020 15:58

Sharing

Report Analysis Logs

General

Target

response.bin.dll
Size

309KB
MD5

dfa5e4fd4ec7c885aec6150c8723b813
SHA1

1bbd1028c1e380abd061355ba4d81075d2c34803
SHA256

f832c39ea27975ce3cb9fb60b6369274afd59b732a04624787cb820e0b52cee2
SHA512

27821983284fa80527b6aaf246bc376e9ce0941c653068c4c82744298a4368e21ff9f58b48504aa37d257daf4db2f1c1f9e0d0a5cb2953183dc9da49f2abcb0a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1612 wrote to memory of 364	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 364	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 364	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 364	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 364	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 364	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 364	1612	rundll32.exe	rundll32.exe
PID 364 wrote to memory of 1052	364	rundll32.exe	wscript.exe
PID 364 wrote to memory of 1052	364	rundll32.exe	wscript.exe
PID 364 wrote to memory of 1052	364	rundll32.exe	wscript.exe
PID 364 wrote to memory of 1052	364	rundll32.exe	wscript.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\response.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\response.bin.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:364

C:\Windows\SysWOW64\wscript.exe
wscript.exe //E:jscript "C:\Users\Public\MVexBafTc.Sszxu
3⤵
PID:1052

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\MVexBafTc.Sszxu

Download Submit
memory/364-0-0x0000000000000000-mapping.dmp

Download
memory/1052-1-0x0000000000000000-mapping.dmp

Download
memory/1052-3-0x0000000002620000-0x0000000002624000-memory.dmp

Filesize
16KB

Download