bc8dc839be99fa4411ee9b7fb8e042095a324d0d1400ca1545924894ec143ec5 | Triage

Analysis

max time kernel
87s
max time network
141s
platform
windows10_x64
resource
win10
submitted
27-10-2020 06:33

Sharing

Report Analysis Logs

General

Target

ggf.dll
Size

667KB
MD5

3f4b7d537973a560df0898d821697f85
SHA1

a811b3af1cd710cb175e27faf97a66cf51ec18af
SHA256

bc8dc839be99fa4411ee9b7fb8e042095a324d0d1400ca1545924894ec143ec5
SHA512

e65a94d4b4a18ac4ac2fe722e2d6098f9b78b0d9b4f702977e2baff823f7c6b4c4a536de18c635d25662ae768efbee90b659073262196d36add52a5dec9ea498

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 388 wrote to memory of 4012	388	rundll32.exe	rundll32.exe
PID 388 wrote to memory of 4012	388	rundll32.exe	rundll32.exe
PID 388 wrote to memory of 4012	388	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ggf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:388

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ggf.dll,#1
2⤵
PID:4012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4012-0-0x0000000000000000-mapping.dmp

Download