4b931b39b584ba3ad6584c9c93f8f58b708225384d35ced025cb4eda55311618 | Triage

Analysis

max time kernel
45s
max time network
55s
platform
windows10_x64
resource
win10v20201028
submitted
14-01-2021 00:53

Sharing

Report Analysis Logs

General

Target

E1-20201223_211330.dll
Size

129KB
MD5

1c243dba6df64d7924c4f3b4599898ae
SHA1

b42946fb7d28ddcb79207ef2082bd095b09143c1
SHA256

6b4495449e1fa2f96c32e79fa71d2f5fb45feb5bbe546716df9cc02bbcba8022
SHA512

d7bd3a76faf9bba90ec57c0aeea188738a4fa6a527896c5cb3dacfeb78f6e17ce5eeb5edf8aed43e51ca1419799c51059bf2662cc76d96cf4f9dc89ccd9f5a57

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3984 wrote to memory of 516	3984	rundll32.exe	rundll32.exe
PID 3984 wrote to memory of 516	3984	rundll32.exe	rundll32.exe
PID 3984 wrote to memory of 516	3984	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\E1-20201223_211330.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3984

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\E1-20201223_211330.dll,#1
2⤵
PID:516

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/516-2-0x0000000000000000-mapping.dmp

Download