72239e1800fc5eb1906c904f9477f43e67fcf9b7e3f71b933440bc79ba0c4e13 | Triage

Analysis

max time kernel
18s
max time network
72s
platform
windows10_x64
resource
win10v20201028
submitted
28-11-2020 06:41

Sharing

Report Analysis Logs

General

Target

923753.exe.dll
Size

2.9MB
MD5

653f8e50bfeb3d31899b463ee7b75371
SHA1

3cb1b13c15b6455c0ab341faa2bd82fc74c88c25
SHA256

72239e1800fc5eb1906c904f9477f43e67fcf9b7e3f71b933440bc79ba0c4e13
SHA512

201413dbb128b8c597ead1be821a38df52eb61fc1b592c2805da1b4f4c6d57bda512f30e057ca2dfd8857dd502679c1d879de44a64b6c3ec02d70126b7e3cc3b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3152 wrote to memory of 3308	3152	rundll32.exe	rundll32.exe
PID 3152 wrote to memory of 3308	3152	rundll32.exe	rundll32.exe
PID 3152 wrote to memory of 3308	3152	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\923753.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3152

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\923753.exe.dll,#1
2⤵
PID:3308

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3308-2-0x0000000000000000-mapping.dmp

Download