3f6b05264c66b4e1d5f3e56aa2cbb5d52b0011c12b8379aba625549d838f1be5 | Triage

Analysis

max time kernel
125s
max time network
123s
platform
windows7_x64
resource
win7v20201028
submitted
17-11-2020 12:32

Sharing

Report Analysis Logs

General

Target

13cf8ce83f957c8dce1bbdeea32826f7.dll
Size

208KB
MD5

512c8023002eded8efc08e86a6b3d7c0
SHA1

6e4f6ba845dfddf31b38cff03b454520617dcc7b
SHA256

3f6b05264c66b4e1d5f3e56aa2cbb5d52b0011c12b8379aba625549d838f1be5
SHA512

73525c15c40b2681d7cc08a4111e638da015627cac68ec88574fb88a34f2de827cdcf90ffa34affac2c50670f6f95aa0a827d74225d890cab456ff30ba269290

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1916 wrote to memory of 1256	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1256	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1256	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1256	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1256	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1256	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 1256	1916	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13cf8ce83f957c8dce1bbdeea32826f7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13cf8ce83f957c8dce1bbdeea32826f7.dll,#1
  2⤵
  PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1256-0-0x0000000000000000-mapping.dmp

Download