7721248f6c524da20b6f51b54e486e5d58766b29dfc5664a3e7a692dd2eb6655 | Triage

Analysis

max time kernel
151s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
03-12-2020 13:07

Sharing

Report Analysis Logs

General

Target

xspcd10.dll
Size

215KB
MD5

e2fa6a1238bcbe673cfc4191159f351c
SHA1

13067b9c1960784a184a81b94d7b37bcd957ade7
SHA256

7721248f6c524da20b6f51b54e486e5d58766b29dfc5664a3e7a692dd2eb6655
SHA512

f9132d4c7f65a5d2632db7d217d706aac91c113ce8b6a4110af145601793f50c7470213c337cca9f4c5b8577988fcce541501110698332fddce05e2b0806720d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1836 wrote to memory of 1232	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 1232	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 1232	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 1232	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 1232	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 1232	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 1232	1836	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\xspcd10.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1836

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\xspcd10.dll,#1
2⤵
PID:1232

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1232-2-0x0000000000000000-mapping.dmp

Download