191a0fc897f798860c541f0e3fcd496f5d586f54c967d6e21621d974ebdd9de5 | Triage

Analysis

max time kernel
320s
max time network
382s
platform
windows10_x64
resource
win10v20201028
submitted
20-12-2020 17:44

Sharing

Report Analysis Logs

General

Target

ply606.dll
Size

550KB
MD5

a4f94f3896f4730cc7709e3b14888c5d
SHA1

09b74bdbfcafd87e175abba843495b007ed65b3b
SHA256

191a0fc897f798860c541f0e3fcd496f5d586f54c967d6e21621d974ebdd9de5
SHA512

ad67d439f81d431d38a87a59fd2c392099e5dfee971c5573a25cab2e909dd2b21b885f30fc2ec158f7ff0f4c6e3f64efd2fa4a89f5698776e133e4b3ed79ddec

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 1728	972	rundll32.exe	71
PID 972 wrote to memory of 1728	972	rundll32.exe	71
PID 972 wrote to memory of 1728	972	rundll32.exe	71

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ply606.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ply606.dll,#1
  2⤵
  PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads