b69f17a7126bf24174e8d6cd594c5ebb28485db8e3943b0cebc5bf1225d6c6ae | Triage

Analysis

max time kernel
18s
max time network
123s
platform
windows10_x64
resource
win10v20201028
submitted
28-11-2020 07:22

Sharing

Report Analysis Logs

General

Target

9237538.dll
Size

2.9MB
MD5

e89659fd1e4d75378bdcabb91ffeb66c
SHA1

6652f62eccbc1c516ef5911b95ad5b3002a44a9c
SHA256

b69f17a7126bf24174e8d6cd594c5ebb28485db8e3943b0cebc5bf1225d6c6ae
SHA512

4a848205b0e2748df671959469119d457ab1674b4a3e1aa880ffbd4b374a646f9869e1d75cd1d3ed8f82f507a3447ba5785a6b5de09a296aa2ef647c74c8e8b5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3300 wrote to memory of 376	3300	rundll32.exe	rundll32.exe
PID 3300 wrote to memory of 376	3300	rundll32.exe	rundll32.exe
PID 3300 wrote to memory of 376	3300	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9237538.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3300

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9237538.dll,#1
2⤵
PID:376

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/376-2-0x0000000000000000-mapping.dmp

Download