51dd7240691df659de0d87a471894c450a4d949c82ae0f907f57bf3efea2651f | Triage

Analysis

max time kernel
142s
max time network
148s
platform
windows7_x64
resource
win7
submitted
07/07/2020, 05:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Variant.Mikey.113443.16555.21901.dll
Size

85KB
MD5

677eaa5f64fe9320bd2612725abd061d
SHA1

d9aebef6403dbd292a610aaf4d8001203392847c
SHA256

51dd7240691df659de0d87a471894c450a4d949c82ae0f907f57bf3efea2651f
SHA512

9ac227de42eed292b8f355f8041819d5e317fc5bc0efc44714054f6f76f5e1c0f204c0d7aef9e70ed42c1cf1909fe02bacffc8863873075e781de5f6d9e7c6c0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 316	1344	rundll32.exe	24
PID 1344 wrote to memory of 316	1344	rundll32.exe	24
PID 1344 wrote to memory of 316	1344	rundll32.exe	24
PID 1344 wrote to memory of 316	1344	rundll32.exe	24
PID 1344 wrote to memory of 316	1344	rundll32.exe	24
PID 1344 wrote to memory of 316	1344	rundll32.exe	24
PID 1344 wrote to memory of 316	1344	rundll32.exe	24

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Mikey.113443.16555.21901.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Mikey.113443.16555.21901.dll,#1
  2⤵
  PID:316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads