b7ae1fa5ac7ee65dffd93e9defd51b2e39a1030620560fe9eff51315e75c8885 | Triage

Analysis

max time kernel
7s
max time network
12s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 19:27

Sharing

Report Analysis Logs

General

Target

file.dll
Size

164KB
MD5

0192dd37e2473913dddf82b3912f928e
SHA1

d4ca6df549db7bb747ba63df70720cea68679b07
SHA256

b7ae1fa5ac7ee65dffd93e9defd51b2e39a1030620560fe9eff51315e75c8885
SHA512

939e359de10339bdf5a23990bc76e41a82d199a425931ceb0c2870babdb2204dd3dad567801e8be45d1df9500d438fe30b8b1274c7c785b64846e919b2f2c88c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 344 wrote to memory of 1920	344	rundll32.exe	rundll32.exe
PID 344 wrote to memory of 1920	344	rundll32.exe	rundll32.exe
PID 344 wrote to memory of 1920	344	rundll32.exe	rundll32.exe
PID 344 wrote to memory of 1920	344	rundll32.exe	rundll32.exe
PID 344 wrote to memory of 1920	344	rundll32.exe	rundll32.exe
PID 344 wrote to memory of 1920	344	rundll32.exe	rundll32.exe
PID 344 wrote to memory of 1920	344	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:344

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
2⤵
PID:1920

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1920-0-0x0000000000000000-mapping.dmp

Download