191bbf8eafbe5dfcf56bb139f36d44724bdb9fd1e708cd29dfd2d7b2b916f9f2 | Triage

Resubmissions

15-10-2020 13:31

201015-fye6cmvw2x 10

15-10-2020 10:36

201015-lpwpgvvlrx 10

07-10-2020 13:09

201007-gb8s3rc2dn 1

07-10-2020 04:33

201007-bq47zyvhf2 1

Analysis

max time kernel
9s
max time network
152s
platform
windows7_x64
resource
win7v200722
submitted
07-10-2020 04:33

Sharing

Report Analysis Logs

General

Target

adfde0367ba639980632da58a5444005.dll
Size

429KB
MD5

adfde0367ba639980632da58a5444005
SHA1

451dd7d059eb7fd22bb7bb46e64de0a1436e6dc3
SHA256

191bbf8eafbe5dfcf56bb139f36d44724bdb9fd1e708cd29dfd2d7b2b916f9f2
SHA512

1726d83df12cbd9c2a07322925253053720a65d986b4acbb356240afbbed63589c163c7dacaf9a00242769d32943241af2edc6be7ea80e52ee2b041e1843508e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1420 wrote to memory of 1052	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1052	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1052	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1052	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1052	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1052	1420	rundll32.exe	rundll32.exe
PID 1420 wrote to memory of 1052	1420	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\adfde0367ba639980632da58a5444005.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\adfde0367ba639980632da58a5444005.dll,#1
  2⤵
  PID:1052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1052-0-0x0000000000000000-mapping.dmp

Download