d279ddb6b2a566bc24e789b5181663491b8c2818cb91e28aae5721dcb0bf30b6 | Triage

Analysis

max time kernel
54s
max time network
62s
platform
windows7_x64
resource
win7v200722
submitted
31-07-2020 13:24

Sharing

Report Analysis Logs

General

Target

muka.bin.dll
Size

246KB
MD5

bdf3e5409d32652de21352d194c219ee
SHA1

2d9b653fbeacf6fb31ab6ada3e2b1557c597b7be
SHA256

d279ddb6b2a566bc24e789b5181663491b8c2818cb91e28aae5721dcb0bf30b6
SHA512

6b1c92cd26f00eebdecbb00a7d0810490aa29ed4b76452f4ef60e09cc863c6fa193a5dc0421068ee7ca03caf6f1328783cd556957af282c9ca6043651258ad6b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1452 wrote to memory of 1484	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1484	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1484	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1484	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1484	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1484	1452	rundll32.exe	rundll32.exe
PID 1452 wrote to memory of 1484	1452	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\muka.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1452

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\muka.bin.dll,#1
2⤵
PID:1484

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1484-0-0x0000000000000000-mapping.dmp

Download