19bc003eab42141cbc9a0e9103345594c057c587225b3ae6a62cc9ce1629d534 | Triage

Analysis

max time kernel
150s
max time network
92s
platform
windows7_x64
resource
win7v20201028
submitted
13-01-2021 19:45

Sharing

Report Analysis Logs

General

Target

cd56a95ff1aaaf765e36723f20601f45.dll
Size

7KB
MD5

cd56a95ff1aaaf765e36723f20601f45
SHA1

46552fba600c2bdbf91e75eddefc45f9f57b741a
SHA256

19bc003eab42141cbc9a0e9103345594c057c587225b3ae6a62cc9ce1629d534
SHA512

bdf9d938ab111bfdb9feea410af581402ad971e9e50723ba2c42f64a7e2426368fe4dd3d1bafe6cdd79260282d6df2d1c34164720b74f0d70e38f52ddcdf3e81

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1096 wrote to memory of 2016	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 2016	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 2016	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 2016	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 2016	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 2016	1096	rundll32.exe	rundll32.exe
PID 1096 wrote to memory of 2016	1096	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd56a95ff1aaaf765e36723f20601f45.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd56a95ff1aaaf765e36723f20601f45.dll,#1
2⤵
PID:2016

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-2-0x0000000000000000-mapping.dmp

Download