6ff57b1138bfc48412a5b0e87c302ff0ac01c173e8937f1eb5b833c504aa902c | Triage

Analysis

max time kernel
887s
max time network
863s
platform
windows7_x64
resource
win7v200430
submitted
14-07-2020 21:16

Sharing

Report Analysis Logs

General

Target

xookacneyz.dll
Size

499KB
MD5

5c4a26fd3d7bd21eaf316e2f48cc39a3
SHA1

80e494e385a1b2d3581ce8803d14911af296ff7e
SHA256

6ff57b1138bfc48412a5b0e87c302ff0ac01c173e8937f1eb5b833c504aa902c
SHA512

65a81a712da70a06abc7e7cb6d0c6b38a3133406245db641b8038cbd28ed4a86c4ebbb0098784e223c3268933cb6e860563b9a80c67c5a9deaef64163ec1a368

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 1332	1092	rundll32.exe	24
PID 1092 wrote to memory of 1332	1092	rundll32.exe	24
PID 1092 wrote to memory of 1332	1092	rundll32.exe	24
PID 1092 wrote to memory of 1332	1092	rundll32.exe	24
PID 1092 wrote to memory of 1332	1092	rundll32.exe	24
PID 1092 wrote to memory of 1332	1092	rundll32.exe	24
PID 1092 wrote to memory of 1332	1092	rundll32.exe	24

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\xookacneyz.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\xookacneyz.dll,#1
  2⤵
  PID:1332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1332-1-0x0000000000250000-0x0000000000259000-memory.dmp

Filesize
36KB

Download
memory/1332-2-0x000000006BAC0000-0x000000006BACB000-memory.dmp

Filesize
44KB

Download