910489e9cbb9be62a2ee6100e09d0d6006fe21cbd73d5b7085f1b69f292cf006 | Triage

Analysis

max time kernel
88s
max time network
97s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 19:27

Sharing

Report Analysis Logs

General

Target

file.dll
Size

166KB
MD5

621382b4f07a2da6deffdc8ccd502f85
SHA1

b2fd492ebd3912a92fca518320a6c8e5aee3b11b
SHA256

910489e9cbb9be62a2ee6100e09d0d6006fe21cbd73d5b7085f1b69f292cf006
SHA512

11afe343d0c86ec2b7dbf0712b0988c07f633a92e45d5bef3825d4468718cc0d65ffa546a9cdbc1b13b5b29b6c43e61906fe06b89400451cb004004fd9409a7b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2024 wrote to memory of 1384	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1384	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1384	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1384	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1384	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1384	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1384	2024	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
2⤵
PID:1384

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1384-0-0x0000000000000000-mapping.dmp

Download