4270895e0d3973d98d5014e299f9e9a4dee0e528d37adbbcf47dc52ca483fd74 | Triage

Analysis

max time kernel
132s
max time network
153s
platform
windows7_x64
resource
win7
submitted
29-09-2020 00:22

Sharing

Report Analysis Logs

General

Target

YJxE8vf6.exe.dll
Size

116KB
MD5

a133909376f0499059642768d4f73a95
SHA1

fda53c8b4d684b7454d204ed395934159c091133
SHA256

4270895e0d3973d98d5014e299f9e9a4dee0e528d37adbbcf47dc52ca483fd74
SHA512

f205002c4059a98c1b917be8644c9f1d02ec4ccdf10d35e7bb34d75f47aca72f16400dce024842dd4694d9557bdf20d5dece66dd2be112bade22d0101f8a6ae0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1508 wrote to memory of 1064	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1064	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1064	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1064	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1064	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1064	1508	rundll32.exe	rundll32.exe
PID 1508 wrote to memory of 1064	1508	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\YJxE8vf6.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1508

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\YJxE8vf6.exe.dll,#1
2⤵
PID:1064

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1064-0-0x0000000000000000-mapping.dmp

Download