9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f | Triage

Analysis

max time kernel
6s
max time network
11s
platform
windows7_x64
resource
win7v200722
submitted
02-09-2020 16:06

Sharing

Report Analysis Logs

General

Target

9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f.dll
Size

116KB
MD5

e464e53eb7a4f84aa2fd0a540b2a3840
SHA1

bdc8d31dcd1f56a9ab2abf79bba817fb75b3859b
SHA256

9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f
SHA512

5ce4c7bd667c361fc1afeb752e59de9f29d7ed5c0252af3b6cb7e78e9ebd2ab237a454daea4474640e35fdc8b6d4be47a60cb8926a4801469f0570c64d2ad110

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1420 wrote to memory of 1044	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1044	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1044	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1044	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1044	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1044	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1044	1420	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1420

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b183afcfccc12af90f82c5f5b8a077bd8c77cf815c62e946a0dfdb4bc78847f.dll,#1
2⤵
PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-0-0x0000000000000000-mapping.dmp

Download