915917ab7f26321959440f19e4a01679e794b5ba76188115a177894255e93030 | Triage

Analysis

max time kernel
1579s
max time network
1581s
platform
windows7_x64
resource
win7v20201028
submitted
20-11-2020 22:14

Sharing

Report Analysis Logs

General

Target

757f0000.temp.tmp.dll
Size

11KB
MD5

56b92fce0cf1c28c906a1d20e3a0e044
SHA1

44905f4e983e80ec2614d292531f7a9022015bc5
SHA256

915917ab7f26321959440f19e4a01679e794b5ba76188115a177894255e93030
SHA512

f97b1bf1e64f5ed71b99800311292547b7e0138b8184a0bf9ec0dca20076ad28904d1308ecf3ab42b3aa92155699c8a34d51fbdbb9b2a90799da6506b58f7a73

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2024 wrote to memory of 1628	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1628	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1628	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1628	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1628	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1628	2024	rundll32.exe	rundll32.exe
PID 2024 wrote to memory of 1628	2024	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\757f0000.temp.tmp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\757f0000.temp.tmp.dll,#1
2⤵
PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1628-0-0x0000000000000000-mapping.dmp

Download