Analysis

  • max time kernel
    40s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7v200430
  • submitted
    07-07-2020 19:23

General

  • Target

    update.dll

  • Size

    384KB

  • MD5

    4df3128d3db0f609767ca8e733de8f03

  • SHA1

    0b4d3667cdc2da2f93398a576c98f70ef960568d

  • SHA256

    99d62f68414740eb9e6c2719cf22d67e5f5f4cb3fe0a4be34e7438d826844ff5

  • SHA512

    b4ade66aad0627fa9e45b420baacd2846ceeb49512d95ce1c4ae68178daea877da99ed0503ea29cd652836f055e4cff8a8c35d229e80ba12813bf989f39f5065

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,#1
      2⤵
        PID:1424

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1424-0-0x0000000000000000-mapping.dmp