e0248729bd8b857e3c320394cb76bdb2b68626b90020e60f3bd1bd6544296d58 | Triage

Analysis

max time kernel
137s
max time network
50s
platform
windows10_x64
resource
win10v200430
submitted
11-07-2020 20:15

Sharing

Report Analysis Logs

General

Target

Ulotrichy.dll
Size

13KB
MD5

04a9c4aaa761bf7f4157cf702be9bae4
SHA1

723de209f9e2bd53fccf75e764970c4619651d4c
SHA256

e0248729bd8b857e3c320394cb76bdb2b68626b90020e60f3bd1bd6544296d58
SHA512

fd003171c7c138f273880ee71b5c482404fcf630d6233945eb832dcf1223689aa36c3e76175d27f36d0802e3fd7eb0a045a0be1b2dc075a8c1806aa62af2ef1f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 640 wrote to memory of 796	640	rundll32.exe	rundll32.exe
PID 640 wrote to memory of 796	640	rundll32.exe	rundll32.exe
PID 640 wrote to memory of 796	640	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Ulotrichy.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:640

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Ulotrichy.dll,#1
2⤵
PID:796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/796-0-0x0000000000000000-mapping.dmp

Download