8d49c283fa8ca2972aa06c3652da6739965900caf47c0d630305f9d0f3fe6396 | Triage

Analysis

max time kernel
132s
max time network
152s
platform
windows7_x64
resource
win7
submitted
07-10-2020 00:07

Sharing

Report Analysis Logs

General

Target

KU9xYWyM.exe.dll
Size

116KB
MD5

3a065c873f2e373e2aeaab748fad9d56
SHA1

6de8ed95338ac50900ee1dc14f9fd2d338a5a9ea
SHA256

8d49c283fa8ca2972aa06c3652da6739965900caf47c0d630305f9d0f3fe6396
SHA512

96c275f93883225a7adddaa25777b524baa05c05be16d3f6aa2ba1fd44fc0daeea56f3e72a64330884caaeeae43f50d3d411c782cfd7904251b056930e98cdcc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1768 wrote to memory of 1892	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1892	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1892	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1892	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1892	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1892	1768	rundll32.exe	rundll32.exe
PID 1768 wrote to memory of 1892	1768	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\KU9xYWyM.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\KU9xYWyM.exe.dll,#1
2⤵
PID:1892

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1892-0-0x0000000000000000-mapping.dmp

Download