6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808 | Triage

Analysis

max time kernel
111s
max time network
112s
platform
windows7_x64
resource
win7v20201028
submitted
12-11-2020 14:42

Sharing

Report Analysis Logs

General

Target

6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808.dll
Size

207KB
MD5

2359162a4d0dbd53d55c172a54e51d5d
SHA1

7adf6ac180511e7aac39f7f65f60ae2103f3d75a
SHA256

6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808
SHA512

b31a7439123ebef54db8ed02a4e80d7a8c35eed5b80de0e1d9f97f6d42bbf7663ecb4e21662ce85c47db4ac5521bbf3526ce395e7a36333144f92a0af4375150

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 300 wrote to memory of 1648	300	rundll32.exe	rundll32.exe
PID 300 wrote to memory of 1648	300	rundll32.exe	rundll32.exe
PID 300 wrote to memory of 1648	300	rundll32.exe	rundll32.exe
PID 300 wrote to memory of 1648	300	rundll32.exe	rundll32.exe
PID 300 wrote to memory of 1648	300	rundll32.exe	rundll32.exe
PID 300 wrote to memory of 1648	300	rundll32.exe	rundll32.exe
PID 300 wrote to memory of 1648	300	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:300

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ac9e09c3cb1f0830c9dd9932f7a3274d4b329cc6c8635264d7f1744c6ea8808.dll,#1
2⤵
PID:1648

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1648-0-0x0000000000000000-mapping.dmp

Download