c7b6b5c5fd0241015dea2d5bf76f50143844676bec4b1a57284af92a75a367db | Triage

Analysis

max time kernel
53s
max time network
53s
platform
windows7_x64
resource
win7
submitted
08/07/2020, 05:43

Sharing

Report Analysis Logs

General

Target

update.dll
Size

384KB
MD5

3c17307c78c69358758cd1dd45cc1ef0
SHA1

410618a0bc0d5b2fbbaac7300eb5f9a23aaa1582
SHA256

c7b6b5c5fd0241015dea2d5bf76f50143844676bec4b1a57284af92a75a367db
SHA512

ec5a61b7a33dfe01ba83697f3879cb6bdbee5347643ee66900081a53bfc2919cf44bed82c0f4c17d0adb4433cecc1f1a50d3a996cd3108db531a341ec14743b0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,#1
  2⤵
  PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads