bec5d4b9979a2094fe1062512ea2754b9ce573b879b25167fa8a4f52f350edc9 | Triage

Analysis

max time kernel
3s
max time network
16s
platform
windows7_x64
resource
win7
submitted
27-09-2020 23:22

Sharing

Report Analysis Logs

General

Target

zmsv4JeS.exe.dll
Size

116KB
MD5

20ed7ed36e052a523030ae979e872793
SHA1

b686ea3f47c254082c584ee9d18d386af4e0c870
SHA256

bec5d4b9979a2094fe1062512ea2754b9ce573b879b25167fa8a4f52f350edc9
SHA512

7df169ae3bf9bf85205a7b5a4d5ed33aed897073dc003a7ef1eea529473fffe005b549bd72e9f098ed958c8a5232640dc12928413d0690a3b6692ffd0b32cb94

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1544 wrote to memory of 1480	1544	rundll32.exe	rundll32.exe
PID 1544 wrote to memory of 1480	1544	rundll32.exe	rundll32.exe
PID 1544 wrote to memory of 1480	1544	rundll32.exe	rundll32.exe
PID 1544 wrote to memory of 1480	1544	rundll32.exe	rundll32.exe
PID 1544 wrote to memory of 1480	1544	rundll32.exe	rundll32.exe
PID 1544 wrote to memory of 1480	1544	rundll32.exe	rundll32.exe
PID 1544 wrote to memory of 1480	1544	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\zmsv4JeS.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1544

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\zmsv4JeS.exe.dll,#1
2⤵
PID:1480

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1480-0-0x0000000000000000-mapping.dmp

Download