59631513810a10ed2255ed31594488ba6f5c64f25fa7c1822e5b4de8b1cd9bf9 | Triage

Analysis

max time kernel
140s
max time network
142s
platform
windows7_x64
resource
win7v20201028
submitted
17-11-2020 15:02

Sharing

Report Analysis Logs

General

Target

a983b6d9c3b3181548abc77be48bafdb.dll
Size

207KB
MD5

1f9dad9bec5114c695204173a0e9f953
SHA1

6cf51206a325542387b170284de9c90d0df2458c
SHA256

59631513810a10ed2255ed31594488ba6f5c64f25fa7c1822e5b4de8b1cd9bf9
SHA512

d57ae486a0a31fa81a6def7ee990b270b5c1b69660b6b0ca5379621951baff342c00fd9a5132a357c4b7493eef24ac47da00290a348eccc9f05e6f9f6863dfe2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 756 wrote to memory of 1800	756	rundll32.exe	rundll32.exe
PID 756 wrote to memory of 1800	756	rundll32.exe	rundll32.exe
PID 756 wrote to memory of 1800	756	rundll32.exe	rundll32.exe
PID 756 wrote to memory of 1800	756	rundll32.exe	rundll32.exe
PID 756 wrote to memory of 1800	756	rundll32.exe	rundll32.exe
PID 756 wrote to memory of 1800	756	rundll32.exe	rundll32.exe
PID 756 wrote to memory of 1800	756	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a983b6d9c3b3181548abc77be48bafdb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:756

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a983b6d9c3b3181548abc77be48bafdb.dll,#1
2⤵
PID:1800

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1800-0-0x0000000000000000-mapping.dmp

Download