0ee7783213426a5e46bc11a91acf5f2d73890bb09bbf4f3b932a4b79eeb6b820 | Triage

Analysis

max time kernel
4s
max time network
19s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 19:26

Sharing

Report Analysis Logs

General

Target

file.dll
Size

166KB
MD5

9e9b0ef4fc739c3eb36a762122451992
SHA1

035fe67a3d04f0a678724851cabc917b28416fe1
SHA256

0ee7783213426a5e46bc11a91acf5f2d73890bb09bbf4f3b932a4b79eeb6b820
SHA512

01435694c0941b004584d40c3d11866e8f319445ed937095d9777911bd6f36c6bd9449b4effa369120cf6ded9de9a375719e256c6f8380bd5fbd4f4ca0c6d715

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1056 wrote to memory of 1768	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 1768	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 1768	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 1768	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 1768	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 1768	1056	rundll32.exe	rundll32.exe
PID 1056 wrote to memory of 1768	1056	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1056

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
2⤵
PID:1768

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1768-0-0x0000000000000000-mapping.dmp

Download