cc130e6cd39bf10d21956c48f083c6dd306dab8bd77a11f85fc3128c39cf9e97 | Triage

Analysis

max time kernel
13s
max time network
119s
platform
windows10_x64
resource
win10v20201028
submitted
17-11-2020 12:06

Sharing

Report Analysis Logs

General

Target

605c8d4772b41602b09c3a4c98c6456a.dll
Size

207KB
MD5

25498568f1da7b3b83cee91592fede2f
SHA1

44b1d99408247cce18173f5248e9104bfe78f397
SHA256

cc130e6cd39bf10d21956c48f083c6dd306dab8bd77a11f85fc3128c39cf9e97
SHA512

1f75ae179a93a73f4ec3d31ae3fae1c03fec119a55f94c3fee5862b70f995fc14115ea1484d297a3a870da58337e7317d736f4841ace41ed730099c143ddbacf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3932 wrote to memory of 2232	3932	rundll32.exe	rundll32.exe
PID 3932 wrote to memory of 2232	3932	rundll32.exe	rundll32.exe
PID 3932 wrote to memory of 2232	3932	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\605c8d4772b41602b09c3a4c98c6456a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\605c8d4772b41602b09c3a4c98c6456a.dll,#1
  2⤵
  PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2232-0-0x0000000000000000-mapping.dmp

Download