b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b | Triage

Analysis

max time kernel
3s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
15-11-2020 22:38

Sharing

Report Analysis Logs

General

Target

b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b.dll
Size

207KB
MD5

30fed1cf2c80b85042f22f4fb1f7a7ea
SHA1

c87270996a7e6b99531720799cc158481d6f998e
SHA256

b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b
SHA512

8cd199923f1f22aae719d8d7154a504fb93b54e66c8a45855236d8cec2125757ddb09752b170cd2bd5ba4c9011f150eedfc7420986a3b32c77fa33cf892c24ff

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 748 wrote to memory of 2016	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 2016	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 2016	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 2016	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 2016	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 2016	748	rundll32.exe	rundll32.exe
PID 748 wrote to memory of 2016	748	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:748

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0d4a12f337ac4ea1b675230009e2ef009f5113606956aaa754b20d541befc3b.dll,#1
2⤵
PID:2016

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-0-0x0000000000000000-mapping.dmp

Download