ddf74c11fc2d7aa8e26404ea318b40070e29b49cf977f0ef76b1e04fa2e8f2e7 | Triage

Analysis

max time kernel
5s
max time network
13s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 20:37

Sharing

Report Analysis Logs

General

Target

pk9rEyAv.exe.dll
Size

115KB
MD5

3da6484a1a8f6672a79b23810c6e79cb
SHA1

bd452d1c9431344fbd9c95e0d520a87015b8efad
SHA256

ddf74c11fc2d7aa8e26404ea318b40070e29b49cf977f0ef76b1e04fa2e8f2e7
SHA512

5928ea70eaaae41792de72af682045a56405d3d851a60016115b9a556174fdb759477271d312825770088eac591b9fe1d126fac68efbbd8d391082b101ef1336

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1876 wrote to memory of 2040	1876	rundll32.exe	rundll32.exe
PID 1876 wrote to memory of 2040	1876	rundll32.exe	rundll32.exe
PID 1876 wrote to memory of 2040	1876	rundll32.exe	rundll32.exe
PID 1876 wrote to memory of 2040	1876	rundll32.exe	rundll32.exe
PID 1876 wrote to memory of 2040	1876	rundll32.exe	rundll32.exe
PID 1876 wrote to memory of 2040	1876	rundll32.exe	rundll32.exe
PID 1876 wrote to memory of 2040	1876	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pk9rEyAv.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1876

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pk9rEyAv.exe.dll,#1
2⤵
PID:2040

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-0-0x0000000000000000-mapping.dmp

Download