bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180 | Triage

Analysis

max time kernel
4s
max time network
15s
platform
windows7_x64
resource
win7v20201028
submitted
15-11-2020 23:14

Sharing

Report Analysis Logs

General

Target

bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180.dll
Size

207KB
MD5

380f4918c8286681e66d2ab5ab9b8f6a
SHA1

4b89521e8baccbdbd0632f7725ac4dc80efa2b22
SHA256

bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180
SHA512

d1529885260dd56c46c4fc21987d3f682cec978440678c1a59335fd49915261b501aa2a068da0fe60f88f31432d3cb01a37330d70d1b13f2b95be883c5b2798e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 288 wrote to memory of 1872	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1872	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1872	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1872	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1872	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1872	288	rundll32.exe	rundll32.exe
PID 288 wrote to memory of 1872	288	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bacf975a36b72572e8a81da080f46c942bcbf3f3160c231f34cbae67996bc180.dll,#1
2⤵
PID:1872

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1872-0-0x0000000000000000-mapping.dmp

Download