a09d8c487a135b973af532247d62f46695a53f37add6c66e561f1c14650290f5 | Triage

Analysis

max time kernel
44s
max time network
106s
platform
windows10_x64
resource
win10v20201028
submitted
13-11-2020 22:03

Sharing

Report Analysis Logs

General

Target

Maaywuku2.dll
Size

123KB
MD5

c33bd283a36d34b8de1826585e564530
SHA1

540f3ba581d2f0a4004da108ff20fb7a5c0b708c
SHA256

a09d8c487a135b973af532247d62f46695a53f37add6c66e561f1c14650290f5
SHA512

12b570c44dfb89dcf9c77f0d429e58c3bce7a302ecc83e76962393169416c6956698fc9e291c49946ecb3e4ea3f52e201b0f3fe6a59d3fdfd9b06eba7f49248f

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

Processes:

rundll32.exe

flow pid process

21 1384 rundll32.exe
23 1384 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 972 wrote to memory of 1384	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 1384	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 1384	972	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Maaywuku2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:972

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Maaywuku2.dll,#1
2⤵
- Blocklisted process makes network request
PID:1384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1384-0-0x0000000000000000-mapping.dmp

Download