96e91b49267a47374b3773b891a6c5871cb1eb86be12d7f0d812af3d4b3c7de9 | Triage

Analysis

max time kernel
143s
max time network
145s
platform
windows10_x64
resource
win10v20201028
submitted
12-11-2020 13:58

Sharing

Report Analysis Logs

General

Target

96e91b49267a47374b3773b891a6c5871cb1eb86be12d7f0d812af3d4b3c7de9.dll
Size

207KB
MD5

71585fb03ceface3b9d3589cd74b7169
SHA1

6a0d3475a2109052e54b742a87b99f6985cbba7e
SHA256

96e91b49267a47374b3773b891a6c5871cb1eb86be12d7f0d812af3d4b3c7de9
SHA512

6034f65a6d48b5cacd8ee4a1f4a881a6f4f0a7afb3e485e4178aa13ca2e9e59eab3600e1a52f66e6715f34d49866260ac9e940720f24bdad8aa10c0d9c030071

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1304 wrote to memory of 1368	1304	rundll32.exe	rundll32.exe
PID 1304 wrote to memory of 1368	1304	rundll32.exe	rundll32.exe
PID 1304 wrote to memory of 1368	1304	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\96e91b49267a47374b3773b891a6c5871cb1eb86be12d7f0d812af3d4b3c7de9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1304

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\96e91b49267a47374b3773b891a6c5871cb1eb86be12d7f0d812af3d4b3c7de9.dll,#1
2⤵
PID:1368

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1368-0-0x0000000000000000-mapping.dmp

Download