d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4 | Triage

Analysis

max time kernel
60s
max time network
120s
platform
windows10_x64
resource
win10v20201028
submitted
11-11-2020 11:09

Sharing

Report Analysis Logs

General

Target

d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4.dll
Size

207KB
MD5

c8b50ca983b80b94c80a2257c36147d3
SHA1

48e7150a0f125cf3cd4ff3e0978c0460815acb5c
SHA256

d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4
SHA512

edc4ca08df47aa9c8e10c642777a43d4ec7a8e356eb1dce8c1c598d53d03bf634ea35785cc8f9ef5cfa353db488d593bc2c1a972f1968ea6c30408e3d6ab16e8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3004 wrote to memory of 3572	3004	rundll32.exe	rundll32.exe
PID 3004 wrote to memory of 3572	3004	rundll32.exe	rundll32.exe
PID 3004 wrote to memory of 3572	3004	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3004

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1c694864523ee13235c70fb120b4605c07f840a0d2cee2b2707c7dfc9ec45f4.dll,#1
2⤵
PID:3572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3572-0-0x0000000000000000-mapping.dmp

Download