016b9f1c52a6eff5ec77deb7efbf2265a9d4fe0508510e6bf241098b29dbaa25 | Triage

Analysis

max time kernel
3s
max time network
9s
platform
windows7_x64
resource
win7v200722
submitted
13-09-2020 04:07

Sharing

Report Analysis Logs

General

Target

bqAQbi5M.exe.dll
Size

116KB
MD5

090d99413c6022cac70fb8883db20aa1
SHA1

cd37eaf2f807199f6bb74c7d0c83dd0f5d11e2ae
SHA256

016b9f1c52a6eff5ec77deb7efbf2265a9d4fe0508510e6bf241098b29dbaa25
SHA512

efc3b059a7bbd829cd06ca27d7228701a240b1a7af7483ee63331a0640d0b8b2a3c77ff965b566ebfdd8854b5431de89e903ecf63ed167e8bbd74386f8398d02

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1460 wrote to memory of 296	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 296	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 296	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 296	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 296	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 296	1460	rundll32.exe	rundll32.exe
PID 1460 wrote to memory of 296	1460	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bqAQbi5M.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1460

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bqAQbi5M.exe.dll,#1
2⤵
PID:296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/296-0-0x0000000000000000-mapping.dmp

Download