b65ca1af4590bbec9aa558319c6491db8235a555de83345e71b69feb69163e58 | Triage

Analysis

max time kernel
143s
max time network
148s
platform
windows7_x64
resource
win7
submitted
07/07/2020, 12:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

update.dll
Size

384KB
MD5

87ddb1f1b93cd67101823be57183c7ad
SHA1

f811ac98c354145cd3e8ea925a6508ce2f667826
SHA256

b65ca1af4590bbec9aa558319c6491db8235a555de83345e71b69feb69163e58
SHA512

ac296d45768392cc85a3a45ae1c8a5d0f694805007d8e1344bd985c83f435944b6816f3f16c27bb97665006997ea0a4638666e8bb4317aa96fd2ad1afd13be75

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 1072	1152	rundll32.exe	24
PID 1152 wrote to memory of 1072	1152	rundll32.exe	24
PID 1152 wrote to memory of 1072	1152	rundll32.exe	24
PID 1152 wrote to memory of 1072	1152	rundll32.exe	24
PID 1152 wrote to memory of 1072	1152	rundll32.exe	24
PID 1152 wrote to memory of 1072	1152	rundll32.exe	24
PID 1152 wrote to memory of 1072	1152	rundll32.exe	24

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,#1
  2⤵
  PID:1072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads