e3e37c5cf4b43ea92fd71e08edc38bcfe6fe33f283f62aa5632113c444a71b00 | Triage

Analysis

max time kernel
3s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
03-11-2020 01:07

Sharing

Report Analysis Logs

General

Target

8hHzXixt.exe.dll
Size

116KB
MD5

73f8252eea3a1361eb07f58f7e695f5d
SHA1

cf153e39e65b2ccc3ea0bc7637ff075b9f43579c
SHA256

e3e37c5cf4b43ea92fd71e08edc38bcfe6fe33f283f62aa5632113c444a71b00
SHA512

ad9f41b212568ad5888641104fdb2ff83fb98d97ddc8728ace4d853dac14467dd12b6162d0df43b30f54bfc0228c193fe7dec29ebf83392a7ed96a938d3cec86

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 288 wrote to memory of 1892	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1892	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1892	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1892	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1892	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1892	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1892	288	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8hHzXixt.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8hHzXixt.exe.dll,#1
2⤵
PID:1892

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1892-0-0x0000000000000000-mapping.dmp

Download