675242ac6a4551ef75937e33e617f536b9ff2bcfc0f208f8357ec123509859bb | Triage

Resubmissions

22-01-2021 10:30

210122-ebzvzq1wva 10

22-01-2021 10:26

210122-1ee91czbt6 1

22-01-2021 09:44

210122-lrtb9m92n6 10

22-01-2021 08:15

210122-992xz1jsl6 1

Analysis

max time kernel
13s
max time network
112s
platform
windows10_x64
resource
win10v20201028
submitted
22-01-2021 10:26

Sharing

Report Analysis Logs

General

Target

675242ac6a4551ef75937e33e617f536b9ff2bcfc0f208f8357ec123509859bb.dll
Size

330KB
MD5

8d2f4a0fa3210f09a0b1e6d39596be02
SHA1

21d3798d1a29d9f66155f36539b514545ecbe6d2
SHA256

675242ac6a4551ef75937e33e617f536b9ff2bcfc0f208f8357ec123509859bb
SHA512

895e331dc99dfca3be7e61863ea178c8b3d5b231c1070f982267b570c65bfdba054cbea3d4e8a61dd82d138e9bb5a75905f320fdb0a68aa6576a4710322d7cc3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 692 wrote to memory of 1204	692	rundll32.exe	rundll32.exe
PID 692 wrote to memory of 1204	692	rundll32.exe	rundll32.exe
PID 692 wrote to memory of 1204	692	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\675242ac6a4551ef75937e33e617f536b9ff2bcfc0f208f8357ec123509859bb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\675242ac6a4551ef75937e33e617f536b9ff2bcfc0f208f8357ec123509859bb.dll,#1
2⤵
PID:1204

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-2-0x0000000000000000-mapping.dmp

Download