f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a | Triage

Analysis

max time kernel
10s
max time network
113s
platform
windows10_x64
resource
win10v20201028
submitted
12-11-2020 13:58

Sharing

Report Analysis Logs

General

Target

f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll
Size

207KB
MD5

9f02bd144161a53608d3b6c0e493e6f1
SHA1

df3177d4830eeb1fa5d89e1264dc299a01f617ba
SHA256

f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a
SHA512

047fc9d96d3b70b7c5e83a0e110636cf68117d460c7ff896bf065ed211d2fdb0833b6a350e8f9fc69825a8889dce1224ce944c51e5cc2722c15e3189b4447403

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3988 wrote to memory of 3600	3988	rundll32.exe	rundll32.exe
PID 3988 wrote to memory of 3600	3988	rundll32.exe	rundll32.exe
PID 3988 wrote to memory of 3600	3988	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3988

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f609e2e77f76e891d3533b0c3eb6db5bb8385e120fd1101e509ba1313cc3135a.dll,#1
2⤵
PID:3600

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3600-0-0x0000000000000000-mapping.dmp

Download