635a1f8e2eff8717c791f846b6e7a4b0c1d1d84d93c20630686d5079a9ede5c3 | Triage

Analysis

max time kernel
105s
max time network
114s
platform
windows10_x64
resource
win10
submitted
27-10-2020 10:12

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan-Banker.Win32.Cridex.gen.10545.dll
Size

667KB
MD5

b92aa4b3201734007fbce2e237fe091f
SHA1

9982a7d1af6b13e48c39fd2327ac3181f09856e1
SHA256

635a1f8e2eff8717c791f846b6e7a4b0c1d1d84d93c20630686d5079a9ede5c3
SHA512

6116392f19c439a2c029b2e48641730429d084183f4ab29f75eba4bc3f172984e30afbec31643193faf93b2aa10d0bea9af4e36dc7eb13e86baba1f467c82574

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4056 wrote to memory of 2916	4056	rundll32.exe	rundll32.exe
PID 4056 wrote to memory of 2916	4056	rundll32.exe	rundll32.exe
PID 4056 wrote to memory of 2916	4056	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Banker.Win32.Cridex.gen.10545.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4056

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Banker.Win32.Cridex.gen.10545.dll,#1
2⤵
PID:2916

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2916-0-0x0000000000000000-mapping.dmp

Download