3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd | Triage

Analysis

max time kernel
13s
max time network
111s
platform
windows10_x64
resource
win10v20201028
submitted
11-11-2020 11:42

Sharing

Report Analysis Logs

General

Target

3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd.dll
Size

204KB
MD5

dc58b330aa8afb586ad52b604b8379c3
SHA1

b4092d8000862ea1e8e2cb1082ee7cac32c53640
SHA256

3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd
SHA512

12e558bf2726a07bbafb22215183372dd6d3167ba1b32f9c51291daca1215144dcda11fdbdac2af8b99ed90455ee63179a1c420d8940f36672519d3e8510d90c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 944 wrote to memory of 1464	944	rundll32.exe	rundll32.exe
PID 944 wrote to memory of 1464	944	rundll32.exe	rundll32.exe
PID 944 wrote to memory of 1464	944	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:944

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d2cd1db2e614f7901ece128c1983e714552dc2963423c77d6737583187922fd.dll,#1
2⤵
PID:1464

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1464-0-0x0000000000000000-mapping.dmp

Download