2ec1659438816ccaeedbc9f36e35b7adf24cd6153c5e0a43855a5b8103b272fc | Triage

Analysis

max time kernel
101s
max time network
112s
platform
windows10_x64
resource
win10v20201028
submitted
14-12-2020 14:24

Sharing

Report Analysis Logs

General

Target

420d173305f5d46ca47fc49999f9b1bf.dll
Size

667KB
MD5

420d173305f5d46ca47fc49999f9b1bf
SHA1

0a012f03c260c67100b757dac6422408f46cc1a3
SHA256

2ec1659438816ccaeedbc9f36e35b7adf24cd6153c5e0a43855a5b8103b272fc
SHA512

f054be14b644bc54123bafd3ede2dbd48211ef1a9d37635d82952e62cc87243ce1f20ae16f3e009140ce388f615e2b2d8ce035c51e386135998306ea68f4312a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 648 wrote to memory of 1304	648	rundll32.exe	rundll32.exe
PID 648 wrote to memory of 1304	648	rundll32.exe	rundll32.exe
PID 648 wrote to memory of 1304	648	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\420d173305f5d46ca47fc49999f9b1bf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:648

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\420d173305f5d46ca47fc49999f9b1bf.dll,#1
2⤵
PID:1304

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1304-2-0x0000000000000000-mapping.dmp

Download