daa26a415b2fce72a81bb0d76b5e7552cc4e41707bb2e8fd9cfb77da5e14a066 | Triage

Analysis

max time kernel
3s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 19:28

Sharing

Report Analysis Logs

General

Target

file.dll
Size

166KB
MD5

614a456cb642fc9d506532f43848acd7
SHA1

9e521578841ec003c8b2197177b365979209fbfb
SHA256

daa26a415b2fce72a81bb0d76b5e7552cc4e41707bb2e8fd9cfb77da5e14a066
SHA512

d0a33a9a545d9ecfecbaedf8790673bc9c471c7cba3ee6047f490fc1feb5c7c694147e2895e9b5aceb81238ff45421f6fc1c915caa836a8a56980711db2b3fcc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 644 wrote to memory of 1828	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 1828	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 1828	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 1828	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 1828	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 1828	644	rundll32.exe	rundll32.exe
PID 644 wrote to memory of 1828	644	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:644

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
2⤵
PID:1828

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1828-0-0x0000000000000000-mapping.dmp

Download