9891284ac8d3329d6f69e1fa310886a53802a70672634dd64caaee3a58ba0a10 | Triage

Analysis

max time kernel
4s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
15-11-2020 23:04

Sharing

Report Analysis Logs

General

Target

9891284ac8d3329d6f69e1fa310886a53802a70672634dd64caaee3a58ba0a10.dll
Size

207KB
MD5

9408791cf02d1ab6e1f1945919fe0f4d
SHA1

c39ee8fe1a99c144130166c8faec1f4ed3011e0a
SHA256

9891284ac8d3329d6f69e1fa310886a53802a70672634dd64caaee3a58ba0a10
SHA512

8c20d0ceff7e5fd6e6c1a2dbb26fa030158da33bc9d0c6ebac2f210e7d84844151103db94612697e412e84424517ce2c33802a287039d2a585d2444dd6e34c1a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1004 wrote to memory of 1644	1004	rundll32.exe	rundll32.exe
PID 1004 wrote to memory of 1644	1004	rundll32.exe	rundll32.exe
PID 1004 wrote to memory of 1644	1004	rundll32.exe	rundll32.exe
PID 1004 wrote to memory of 1644	1004	rundll32.exe	rundll32.exe
PID 1004 wrote to memory of 1644	1004	rundll32.exe	rundll32.exe
PID 1004 wrote to memory of 1644	1004	rundll32.exe	rundll32.exe
PID 1004 wrote to memory of 1644	1004	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9891284ac8d3329d6f69e1fa310886a53802a70672634dd64caaee3a58ba0a10.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9891284ac8d3329d6f69e1fa310886a53802a70672634dd64caaee3a58ba0a10.dll,#1
  2⤵
  PID:1644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1644-0-0x0000000000000000-mapping.dmp

Download