4965d3237e6535698dd3fd387a0b2b98136d256771d21b5fb85ce5cdbb232d20 | Triage

Analysis

max time kernel
3s
max time network
12s
platform
windows7_x64
resource
win7v20201028
submitted
27-12-2020 07:44

Sharing

Report Analysis Logs

General

Target

4965d3237e6535698dd3fd387a0b2b98136d256771d21b5fb85ce5cdbb232d20.dll
Size

551KB
MD5

93658baac96a3fb905b1fc7e25a89ef5
SHA1

50b9564f9bef3582c8e293ce48274e700a2a442c
SHA256

4965d3237e6535698dd3fd387a0b2b98136d256771d21b5fb85ce5cdbb232d20
SHA512

77f6bcfcbb5151eaba270b105b79316ea26363699c9ccb6e7ec5bba633ba8bb9244cae9e7ccfb24794a9079a111c195c8c8faf3e7df836a062748606c8257270

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 476 wrote to memory of 1896	476	rundll32.exe	25
PID 476 wrote to memory of 1896	476	rundll32.exe	25
PID 476 wrote to memory of 1896	476	rundll32.exe	25
PID 476 wrote to memory of 1896	476	rundll32.exe	25
PID 476 wrote to memory of 1896	476	rundll32.exe	25
PID 476 wrote to memory of 1896	476	rundll32.exe	25
PID 476 wrote to memory of 1896	476	rundll32.exe	25

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4965d3237e6535698dd3fd387a0b2b98136d256771d21b5fb85ce5cdbb232d20.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4965d3237e6535698dd3fd387a0b2b98136d256771d21b5fb85ce5cdbb232d20.dll,#1
  2⤵
  PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads