693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7
submitted
28-08-2020 13:18

Sharing

Report Analysis Logs

General

Target

693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f.dll
Size

12KB
MD5

8d79d99a1571e751f2672d2689c37081
SHA1

2b4d512d7218b97a8d1e6d8ed43b4ca9ba2b4b34
SHA256

693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f
SHA512

6f5434bc4f16b05f3f62588109e5769b13172089993c85804a36359ea47c1a69b769d518921d110e4b52bf64444e834aec642ffb03f545eb756a01b0986debb7

Score

8^/10

Malware Config

Signatures

Blacklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

1 912 rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1144 wrote to memory of 912	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 912	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 912	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 912	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 912	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 912	1144	rundll32.exe	rundll32.exe
PID 1144 wrote to memory of 912	1144	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f.dll,#1
  2⤵
  - Blacklisted process makes network request
  PID:912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/912-0-0x0000000000000000-mapping.dmp

Download