8c55958dc4f421350c0b0c5ac16004238f4d0957a7fba86832f7da76788a4804 | Triage

Analysis

max time kernel
6s
max time network
18s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 19:26

Sharing

Report Analysis Logs

General

Target

file.dll
Size

166KB
MD5

c3f14287cc4ca1c70e11dfe5afda7706
SHA1

752b14561f5633cfcb3450c7627afb96c2cbd2e7
SHA256

8c55958dc4f421350c0b0c5ac16004238f4d0957a7fba86832f7da76788a4804
SHA512

0f7e9b8a8da7fe2f0b0d76eb0ff92a99194c24045fccce43e12b5ae93854e68ba7523405796adb561798009e4bb09c7dda245aad6855089e720db0c791fa2b7e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1852 wrote to memory of 1192	1852	rundll32.exe	rundll32.exe
PID 1852 wrote to memory of 1192	1852	rundll32.exe	rundll32.exe
PID 1852 wrote to memory of 1192	1852	rundll32.exe	rundll32.exe
PID 1852 wrote to memory of 1192	1852	rundll32.exe	rundll32.exe
PID 1852 wrote to memory of 1192	1852	rundll32.exe	rundll32.exe
PID 1852 wrote to memory of 1192	1852	rundll32.exe	rundll32.exe
PID 1852 wrote to memory of 1192	1852	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1852

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
2⤵
PID:1192

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1192-0-0x0000000000000000-mapping.dmp

Download