c3ed8705aecf16a07e86717d4dd6a33847cf0b87bb2d58e56a502bbf952d5f03 | Triage

Analysis

max time kernel
45s
max time network
47s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 19:27

Sharing

Report Analysis Logs

General

Target

file.dll
Size

164KB
MD5

f1d7748df9fa1f8dbe8af1551d6500b8
SHA1

795f3d5a7481859135323e8996fda1709b157ca8
SHA256

c3ed8705aecf16a07e86717d4dd6a33847cf0b87bb2d58e56a502bbf952d5f03
SHA512

3c1e77f113367f7ec7a492d8f8140afa124d0359ea05883adbe732527073415799990f9b4bb6492bf10eb5eb2117feeb8c799b282caf9a2c7c8f0f0907fe0a4f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 536 wrote to memory of 1904	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1904	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1904	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1904	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1904	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1904	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1904	536	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:536

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
2⤵
PID:1904

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1904-0-0x0000000000000000-mapping.dmp

Download