c503aa1dbf3c19582320dd843867711ac3565adb1ef0a3b0d73cfc90a4a3cd21 | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
17-12-2020 14:50

Sharing

Report Analysis Logs

General

Target

5555555555.dll
Size

2.2MB
MD5

d93e664851c7d28b2aa4e024ce820a83
SHA1

0ade1f8c1072e9828eba8a1c99a25a748086795e
SHA256

c503aa1dbf3c19582320dd843867711ac3565adb1ef0a3b0d73cfc90a4a3cd21
SHA512

0d0f7cea9e8455020dcdb0da012f3820e4ba4c3f0fefa11b1884b2908cfc5ebb101391dbadddbe014bdbe11e40b27a8b1d35931ce04bb9ce96848be8565d6d55

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1696 wrote to memory of 1664	1696	rundll32.exe	rundll32.exe
PID 1696 wrote to memory of 1664	1696	rundll32.exe	rundll32.exe
PID 1696 wrote to memory of 1664	1696	rundll32.exe	rundll32.exe
PID 1696 wrote to memory of 1664	1696	rundll32.exe	rundll32.exe
PID 1696 wrote to memory of 1664	1696	rundll32.exe	rundll32.exe
PID 1696 wrote to memory of 1664	1696	rundll32.exe	rundll32.exe
PID 1696 wrote to memory of 1664	1696	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5555555555.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1696

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5555555555.dll,#1
2⤵
PID:1664

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-2-0x0000000000000000-mapping.dmp

Download