ffe3865e66823680a15e71cffc3c0f2a40b709982f921760739975e9b04cf4e0 | Triage

Analysis

max time kernel
121s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
21-11-2020 16:57

Sharing

Report Analysis Logs

General

Target

lTriumph.lib.dll
Size

87KB
MD5

deed655326851a06a68b862df8b812e0
SHA1

e6c17ac98996e1257be70a07d6d524a8ef2932b5
SHA256

ffe3865e66823680a15e71cffc3c0f2a40b709982f921760739975e9b04cf4e0
SHA512

986048eaa24bea7412095f68d2d442890190ea4948a0b3e67c3d186f733726e349b99850f96c9b61f2c07c61a4c76e1594a73cc974df7b26dd2ab5fa7199c1aa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1588 wrote to memory of 1664	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1664	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1664	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1664	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1664	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1664	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1664	1588	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lTriumph.lib.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1588

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lTriumph.lib.dll,#1
2⤵
PID:1664

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-0-0x0000000000000000-mapping.dmp

Download