9b233994400898091ccf11650beeab0d234ca3c9c5472dcbaa95360eb14d5516 | Triage

Analysis

max time kernel
124s
max time network
147s
platform
windows10_x64
resource
win10v200430
submitted
09-07-2020 08:35

Sharing

Report Analysis Logs

General

Target

a6113e8a0387832bd3b05a6f3e70c2cc.exe.dll
Size

207KB
MD5

87a41e0d6e797735e64d97d212822385
SHA1

7c1730296e69ead34e5642f284b86eebc87632a5
SHA256

9b233994400898091ccf11650beeab0d234ca3c9c5472dcbaa95360eb14d5516
SHA512

f1df064842a028af7b3325026638a6b2faf720de0d9330debe6045484af5595a4b9476a57ef20d3e817c457f2f4e7be0b5c9cea5873470d5d1d7d7feb0098208

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 972 wrote to memory of 3724	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 3724	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 3724	972	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6113e8a0387832bd3b05a6f3e70c2cc.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:972

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6113e8a0387832bd3b05a6f3e70c2cc.exe.dll,#1
2⤵
PID:3724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3724-0-0x0000000000000000-mapping.dmp

Download