2a29e1eaaff50f90c2a25a9be52a72ae194c2fe302f905818d90f7d5fb9c0437 | Triage

Analysis

max time kernel
53s
max time network
53s
platform
windows7_x64
resource
win7
submitted
09/07/2020, 06:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

CHIL26B.dll
Size

370KB
MD5

1669381ba6b080eb0fef3e994728cf47
SHA1

61c4876b1456879130e4b2c5fcb3cb6466a99dc9
SHA256

2a29e1eaaff50f90c2a25a9be52a72ae194c2fe302f905818d90f7d5fb9c0437
SHA512

f417314c12d07f19e64e5dd5a1029025293c19a4fd93da183807fb7782ffd922b448effcf78048008017c2fb298a4daf9ba00517841051fc5044ecdafcc84648

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24
PID 1100 wrote to memory of 1228	1100	rundll32.exe	24

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CHIL26B.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\CHIL26B.dll,#1
  2⤵
  PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads