eba9c787915db694ba3d567dce84b5b76b639e0ba4c0bbe10113dd21e3299feb | Triage

Analysis

max time kernel
40s
max time network
65s
platform
windows10_x64
resource
win10v20201028
submitted
28-11-2020 07:20

Sharing

Report Analysis Logs

General

Target

9237537.dll
Size

2.9MB
MD5

2449a2a1a20c37b570a8f3ad3174ab64
SHA1

d5769dabf6f4814c0b6a707d4d18db2af57355e9
SHA256

eba9c787915db694ba3d567dce84b5b76b639e0ba4c0bbe10113dd21e3299feb
SHA512

6a92722e9a2f3996fe6c8dc9489f5311844e4a45e941170793c4d6f7ea5bab5c4ee21346e2d87a004532d7e8e65e4836fb487f7626093dcf016524b5012bc2ec

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 828 wrote to memory of 1700	828	rundll32.exe	rundll32.exe
PID 828 wrote to memory of 1700	828	rundll32.exe	rundll32.exe
PID 828 wrote to memory of 1700	828	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9237537.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:828

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9237537.dll,#1
2⤵
PID:1700

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-2-0x0000000000000000-mapping.dmp

Download