dd04eecc76038f6328df66365165f2f840562a21592ebca61fec1927d5f5e659 | Triage

Analysis

max time kernel
3s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
17-11-2020 12:07

Sharing

Report Analysis Logs

General

Target

15ad786d3d72c10da7dc678913966a55.dll
Size

207KB
MD5

c087fa2dcd5db524e4c2bd698f7bdbb3
SHA1

edc521f795fc2bf00ba7b5eac83e07c7857192fc
SHA256

dd04eecc76038f6328df66365165f2f840562a21592ebca61fec1927d5f5e659
SHA512

89fde0d14ebfb26ba1b0e366825522f63d5f41c05f56fb53a68e1525df4b6e1eea4b8b3e708a098100e52199c69fce1aaea98e19d91991d428fcd283be43ddde

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1944 wrote to memory of 900	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 900	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 900	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 900	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 900	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 900	1944	rundll32.exe	rundll32.exe
PID 1944 wrote to memory of 900	1944	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15ad786d3d72c10da7dc678913966a55.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15ad786d3d72c10da7dc678913966a55.dll,#1
  2⤵
  PID:900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/900-0-0x0000000000000000-mapping.dmp

Download