83002399482a30115e37cea0222fdb265cc6d57101ca7ce4591374acd6b8a371 | Triage

Analysis

max time kernel
3s
max time network
17s
platform
windows7_x64
resource
win7
submitted
18-09-2020 14:01

Sharing

Report Analysis Logs

General

Target

uRzaV4mH.exe.dll
Size

116KB
MD5

586c80559a50dc4a431d36caaf3c2694
SHA1

f59dc0c154de3f02804f643047db9beb2f3a579a
SHA256

83002399482a30115e37cea0222fdb265cc6d57101ca7ce4591374acd6b8a371
SHA512

b79e1a4a28011ab62d8a86c8ceaa3d8dc8959b76fbe7744e9290e8c9d89dc8afaaf3e59a9b80c12885301fcfbc2b4045c65562470e3fde06cf7ed7e9c860594d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1088 wrote to memory of 324	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 324	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 324	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 324	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 324	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 324	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 324	1088	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\uRzaV4mH.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1088

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\uRzaV4mH.exe.dll,#1
2⤵
PID:324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/324-0-0x0000000000000000-mapping.dmp

Download