cd30ac543826c5e0e4c27c654450e1dd024dea00c9ee76a582719634ca56ef71 | Triage

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7v20201028
submitted
14-12-2020 23:56

Sharing

Report Analysis Logs

General

Target

cd30ac543826c5e0e4c27c654450e1dd024dea00c9ee76a582719634ca56ef71.bin.dll
Size

163KB
MD5

5b2577568f59eab60a7a75548b8eeaf8
SHA1

9ca35be7283f53a52d63f3656b88ce6f1ee7181a
SHA256

cd30ac543826c5e0e4c27c654450e1dd024dea00c9ee76a582719634ca56ef71
SHA512

32292e008ef94c49d9785e5649c72ddaa61f07fef378a2ee348cb69ce861ca5122a66ea9c3c721fc6e54019b8b1f834bd90e71981227389eedb50943ec1f9e7a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 932 wrote to memory of 1940	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1940	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1940	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1940	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1940	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1940	932	rundll32.exe	rundll32.exe
PID 932 wrote to memory of 1940	932	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd30ac543826c5e0e4c27c654450e1dd024dea00c9ee76a582719634ca56ef71.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:932

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd30ac543826c5e0e4c27c654450e1dd024dea00c9ee76a582719634ca56ef71.bin.dll,#1
2⤵
PID:1940

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1940-2-0x0000000000000000-mapping.dmp

Download