ce19e4ed0385850a51c60558b2f38fad20196cdeaae3767ffb92e8dd2508a88b | Triage

Analysis

max time kernel
132s
max time network
152s
platform
windows7_x64
resource
win7
submitted
03-10-2020 00:38

Sharing

Report Analysis Logs

General

Target

aJnevj8H.exe.dll
Size

116KB
MD5

b8fc295190e8c19d1f0737c3f4c61279
SHA1

dd612752d115ea406a2c474b39bbb5d7ada62002
SHA256

ce19e4ed0385850a51c60558b2f38fad20196cdeaae3767ffb92e8dd2508a88b
SHA512

abc60b2de8dce92bb988fa57cdcb78558a7769d9e094aafcb9969b61bc73f2afa9faddccbb82365dc54d70d9506f61fa96004cb05a20f3ec132e1c22ad054937

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2040 wrote to memory of 1612	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 1612	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 1612	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 1612	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 1612	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 1612	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 1612	2040	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aJnevj8H.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aJnevj8H.exe.dll,#1
2⤵
PID:1612

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1612-0-0x0000000000000000-mapping.dmp

Download