9f9ec018f395592b0cd8726972e6bf1400eeb13b8535cf314de5f135bb65fdec | Triage

Analysis

max time kernel
130s
max time network
145s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 19:28

Sharing

Report Analysis Logs

General

Target

file.dll
Size

164KB
MD5

2f40bf5768d6c648145fe304fbdb2558
SHA1

251e8da7b311d7a7180391b74c8a93235104378b
SHA256

9f9ec018f395592b0cd8726972e6bf1400eeb13b8535cf314de5f135bb65fdec
SHA512

89530400d93859cae6fe99aa704f153022056f758a13ea0d7ac1d86c3898b0d6878e2d3e5fdbc9ed41e2c8d640cae4c4f394859ea44e52e5e0e3258c9f3161e7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1056 wrote to memory of 2004	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 2004	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 2004	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 2004	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 2004	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 2004	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 2004	1056	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1056

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
2⤵
PID:2004

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-0-0x0000000000000000-mapping.dmp

Download