89f9499b3426a05ce92301481d038fe4779549c30f38c45556cbdb2558a18944 | Triage

Analysis

max time kernel
3s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 19:27

Sharing

Report Analysis Logs

General

Target

file.dll
Size

166KB
MD5

5e133a8e4d10eed0ebaacc568447d8f8
SHA1

f4ffc63890c46035348819a6eb1d7f9ed8bf84c7
SHA256

89f9499b3426a05ce92301481d038fe4779549c30f38c45556cbdb2558a18944
SHA512

f992b586416da3dcac34473164d69508a4146b003dd0ad6ebb0dd70868367511506d5f2f4f4bea1d89b1719f715df3f6bb95aa1ea0bfc9517527a8f96cd00651

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 596 wrote to memory of 1072	596	rundll32.exe	rundll32.exe
PID 596 wrote to memory of 1072	596	rundll32.exe	rundll32.exe
PID 596 wrote to memory of 1072	596	rundll32.exe	rundll32.exe
PID 596 wrote to memory of 1072	596	rundll32.exe	rundll32.exe
PID 596 wrote to memory of 1072	596	rundll32.exe	rundll32.exe
PID 596 wrote to memory of 1072	596	rundll32.exe	rundll32.exe
PID 596 wrote to memory of 1072	596	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:596

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
2⤵
PID:1072

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1072-0-0x0000000000000000-mapping.dmp

Download