47ce0f84aceaca95dfa327d9bf9c1eeacbde6cf5a4673bb2a4c96d1938958835 | Triage

Analysis

max time kernel
136s
max time network
143s
platform
windows7_x64
resource
win7
submitted
30-06-2020 16:03

Sharing

Report Analysis Logs

General

Target

47ce0f.dll
Size

98KB
MD5

834fbacdff8eaaf8163b00175e1dfff0
SHA1

a636c33b41dfb92312a6c8379169a80a6b57d02f
SHA256

47ce0f84aceaca95dfa327d9bf9c1eeacbde6cf5a4673bb2a4c96d1938958835
SHA512

824cce42249d66b36826c17ba974cf932d3b2c0f48ebd85c195be6743187a15e53610546480f9dededa059847d48c9deb27eb99ed95c2ed4b242a8599331387d

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 740 wrote to memory of 1116	740	rundll32.exe	rundll32.exe
PID 740 wrote to memory of 1116	740	rundll32.exe	rundll32.exe
PID 740 wrote to memory of 1116	740	rundll32.exe	rundll32.exe
PID 740 wrote to memory of 1116	740	rundll32.exe	rundll32.exe
PID 740 wrote to memory of 1116	740	rundll32.exe	rundll32.exe
PID 740 wrote to memory of 1116	740	rundll32.exe	rundll32.exe
PID 740 wrote to memory of 1116	740	rundll32.exe	rundll32.exe

Blacklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

2 1116 rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\47ce0f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:740

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\47ce0f.dll,#1
2⤵
- Blacklisted process makes network request
PID:1116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1116-0-0x0000000000000000-mapping.dmp

Download