c317c52e7b95e14ae974df6fe99df3e5c976b2186897f19fbef68add5dcc28ea | Triage

Analysis

max time kernel
90s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
03-12-2020 11:03

Sharing

Report Analysis Logs

General

Target

c317c52e7b95e14ae974df6fe99df3e5c976b2186897f19fbef68add5dcc28ea.dll
Size

215KB
MD5

c3df79dafe7b52af61c291acb22bd79e
SHA1

32c33076ea6a24fdfca376338eeaf93e87ac948c
SHA256

c317c52e7b95e14ae974df6fe99df3e5c976b2186897f19fbef68add5dcc28ea
SHA512

f2b7df8a6dd54d011db496d4116423d02bae4958ed2d9742469115a9f64100be6b404d209a50f2ca35152a5f3a19c010cfbe5bd65ef63a76ef8cb1e961f88a72

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2028 wrote to memory of 316	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 316	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 316	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 316	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 316	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 316	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 316	2028	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c317c52e7b95e14ae974df6fe99df3e5c976b2186897f19fbef68add5dcc28ea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c317c52e7b95e14ae974df6fe99df3e5c976b2186897f19fbef68add5dcc28ea.dll,#1
2⤵
PID:316

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/316-2-0x0000000000000000-mapping.dmp

Download