938e0e4868f00c4cda6f6b70542e6eb0d04982b706cd4eb5a4becb7c2da1fd3f | Triage

Analysis

max time kernel
8s
max time network
16s
platform
windows7_x64
resource
win7v200722
submitted
15-09-2020 20:37

Sharing

Report Analysis Logs

General

Target

m3kJUZkr.exe.dll
Size

116KB
MD5

0532e250400ded8515f6d042d388ff07
SHA1

e47ed9a5120f928da174a0178b1698aad8baf0b5
SHA256

938e0e4868f00c4cda6f6b70542e6eb0d04982b706cd4eb5a4becb7c2da1fd3f
SHA512

b03da56c18d7b084ce09fd3dfa1cfeb19c07ee5fc5b0bdbfb0ea935e72c6a4b5e1198aa3362e505d5e178c0df0ff2d8a479f8d96aba13d068343c72b0cc4f27e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 920 wrote to memory of 1868	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1868	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1868	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1868	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1868	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1868	920	rundll32.exe	rundll32.exe
PID 920 wrote to memory of 1868	920	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\m3kJUZkr.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:920

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\m3kJUZkr.exe.dll,#1
2⤵
PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1868-0-0x0000000000000000-mapping.dmp

Download