574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5 | Triage

Analysis

max time kernel
4s
max time network
21s
platform
windows7_x64
resource
win7v20201028
submitted
15-11-2020 22:40

Sharing

Report Analysis Logs

General

Target

574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll
Size

207KB
MD5

a3b0e82c8ffcaf9f706da8e804c080fa
SHA1

00902d7238d8223f8aa927d50ef24cad92b38bf2
SHA256

574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5
SHA512

e8b6def9254328e896667865daf57ec593f9a4d0f85ca9327bbfca8aa4c92140e1697557b369174f579a95a2ba26c1833885a1a1fac642976843de3e5acd468c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1644 wrote to memory of 1196	1644	rundll32.exe	rundll32.exe
PID 1644 wrote to memory of 1196	1644	rundll32.exe	rundll32.exe
PID 1644 wrote to memory of 1196	1644	rundll32.exe	rundll32.exe
PID 1644 wrote to memory of 1196	1644	rundll32.exe	rundll32.exe
PID 1644 wrote to memory of 1196	1644	rundll32.exe	rundll32.exe
PID 1644 wrote to memory of 1196	1644	rundll32.exe	rundll32.exe
PID 1644 wrote to memory of 1196	1644	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1644

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\574460e4ff00f9cad0bab3973a94eb3dc631950f10b9788e9d913cfb51f736a5.dll,#1
2⤵
PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1196-0-0x0000000000000000-mapping.dmp

Download