b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142 | Triage

Analysis

max time kernel
11s
max time network
111s
platform
windows10_x64
resource
win10v20201028
submitted
15-11-2020 22:42

Sharing

Report Analysis Logs

General

Target

b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142.dll
Size

207KB
MD5

addd9730dbf6b4da215e95ee59db531a
SHA1

31d56e9dcc69b24dbb96366d0f45ab156a5a793d
SHA256

b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142
SHA512

59254000870fabfc209ab6c7e166d6110fd93d16836a5a1ddf6cfe869eda64a089f3a642b77860284e8176d9b7ae230bf879bd12adcdfee0b6c8a45922acccb4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4696 wrote to memory of 4716	4696	rundll32.exe	rundll32.exe
PID 4696 wrote to memory of 4716	4696	rundll32.exe	rundll32.exe
PID 4696 wrote to memory of 4716	4696	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4696

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7039a26d652162a8a0160c463be80e12a007fd44ce7b3c635f0ab8e23f62142.dll,#1
2⤵
PID:4716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4716-0-0x0000000000000000-mapping.dmp

Download