d702d8b0a40a03bd11d5a645d2da52228e9275e68531c390b65a77709a8e3e86 | Triage

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7v20201028
submitted
12-11-2020 00:06

Sharing

Report Analysis Logs

General

Target

Dumped_Beacon_DLL_powershell_ise_exe_PIDd7c_hiddenmodule_4480000_x86.dll
Size

248KB
MD5

7d55a3f0151b59a1a28a8bb0519176be
SHA1

4dc08fc88a7c8af4557df0a0b28df5b67751c1e3
SHA256

0d0c1dc04c2a607e0042f4611a1b975cae82b3bb7e5e5ff912f23924ee1b88c5
SHA512

440fec1b76830ff35146b7ad2cc082e64e5ac39cde120849442cdf2ea265e0e5a5d107ae204cdfe367deca7d478bb46061d06530bf7983ddbde61918aecb1d0d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 932 wrote to memory of 1904	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1904	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1904	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1904	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1904	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1904	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1904	932	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dumped_Beacon_DLL_powershell_ise_exe_PIDd7c_hiddenmodule_4480000_x86.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:932

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dumped_Beacon_DLL_powershell_ise_exe_PIDd7c_hiddenmodule_4480000_x86.dll,#1
2⤵
PID:1904

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1904-0-0x0000000000000000-mapping.dmp

Download