Analysis

  • max time kernel
    128s
  • max time network
    130s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    07-07-2020 12:35

General

  • Target

    update.dll

  • Size

    384KB

  • MD5

    87ddb1f1b93cd67101823be57183c7ad

  • SHA1

    f811ac98c354145cd3e8ea925a6508ce2f667826

  • SHA256

    b65ca1af4590bbec9aa558319c6491db8235a555de83345e71b69feb69163e58

  • SHA512

    ac296d45768392cc85a3a45ae1c8a5d0f694805007d8e1344bd985c83f435944b6816f3f16c27bb97665006997ea0a4638666e8bb4317aa96fd2ad1afd13be75

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,#1
      2⤵
        PID:3896

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3896-0-0x0000000000000000-mapping.dmp