442b1971e92aefeb93774a13cd2ca15f7f8e9dad99303f1c832bd62f10e30ed2 | Triage

Analysis

max time kernel
146s
max time network
27s
platform
windows7_x64
resource
win7v200430
submitted
19-07-2020 17:35

Sharing

Report Analysis Logs

General

Target

powerzeus_1.0.2.0.vir.dll
Size

170KB
MD5

58bebe685a0b35149cf7f1daf059f3fa
SHA1

50b8e32336e850b7e0b0a70734270db29ea168bc
SHA256

442b1971e92aefeb93774a13cd2ca15f7f8e9dad99303f1c832bd62f10e30ed2
SHA512

6d610141e7d1a6e3e7ed8b85e0feab0a583ec77dbf5dc37973b70cbb300dfcb98a2fd95904164d1681c05546973b59e98a892d7f7dd459477fe30a227c38d26c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1292 wrote to memory of 852	1292	rundll32.exe	rundll32.exe
PID 1292 wrote to memory of 852	1292	rundll32.exe	rundll32.exe
PID 1292 wrote to memory of 852	1292	rundll32.exe	rundll32.exe
PID 1292 wrote to memory of 852	1292	rundll32.exe	rundll32.exe
PID 1292 wrote to memory of 852	1292	rundll32.exe	rundll32.exe
PID 1292 wrote to memory of 852	1292	rundll32.exe	rundll32.exe
PID 1292 wrote to memory of 852	1292	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\powerzeus_1.0.2.0.vir.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1292

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\powerzeus_1.0.2.0.vir.dll,#1
2⤵
PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/852-0-0x0000000000000000-mapping.dmp

Download