0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a | Triage

Analysis

max time kernel
3s
max time network
12s
platform
windows7_x64
resource
win7v20201028
submitted
06-11-2020 11:30

Sharing

Report Analysis Logs

General

Target

0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a.dll
Size

354KB
MD5

4984d8b44e60501d23606a4ffcd6547c
SHA1

bb9d88cadeeb6f3be85f66ae00d3e81ba803bf70
SHA256

0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a
SHA512

2c5667c19b79565ad66bd0bd1e61a67a0f522fec175eb20834928ed44710f5efdb356dfb472cc850c8b1a4f46f508b424c23b8c0261766c39a08f91b5b380969

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1900 wrote to memory of 1344	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1344	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1344	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1344	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1344	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1344	1900	rundll32.exe	rundll32.exe
PID 1900 wrote to memory of 1344	1900	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a.dll,#1
2⤵
PID:1344

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1344-0-0x0000000000000000-mapping.dmp

Download