e291a146f79d927d18392a04d238d829c0df156410e4d93636aee1b5663db914 | Triage

Analysis

max time kernel
130s
max time network
136s
platform
windows7_x64
resource
win7
submitted
07-07-2020 07:00

Sharing

Report Analysis Logs

General

Target

vetu.bin.dll
Size

345KB
MD5

27fe3cb424c1711ea61eb712850bda93
SHA1

5860c128f896b7744d5c8fe148b822395c970bac
SHA256

e291a146f79d927d18392a04d238d829c0df156410e4d93636aee1b5663db914
SHA512

18f15bbb7084dc976eb25b1b3fb2543c1ae1843ed76f3efa282470c5fcd6753a7512d3bc42bbf4a64267994bcba1016f0c2423c47f3b60e201f02b67a04448fc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1460 wrote to memory of 1484	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1484	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1484	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1484	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1484	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1484	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 1484	1460	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vetu.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1460

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vetu.bin.dll,#1
2⤵
PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1484-0-0x0000000000000000-mapping.dmp

Download