401eb39aefafedd9219ad496d9289e6fd502cfbac88036d691c3c36004af5022 | Triage

Resubmissions

22-01-2021 08:55

210122-7t1dqxs376 10

22-01-2021 08:54

210122-vbmc3m6pk2 1

Analysis

max time kernel
13s
max time network
21s
platform
windows10_x64
resource
win10v20201028
submitted
22-01-2021 08:54

Sharing

Report Analysis Logs

General

Target

ekluozek.kwe.dll
Size

330KB
MD5

8dd56158c19ca50f58de0bdf921dd8c8
SHA1

da8d025461a720a4a8b5a8bc25a7ebd53f0340b6
SHA256

be84e3796d98803e8e0d8bc8577e182fceeab42213d4c02fbfad35c5e9674f58
SHA512

880fc3bb186799dafd14742fcfaf81ad7607c4c8be1f4453faca03574aa0d21d452830b0f1f336bb8ea45393bbb8981be4d99fc2fe82b5f25db501bfdd690f8a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3888 wrote to memory of 3812	3888	rundll32.exe	rundll32.exe
PID 3888 wrote to memory of 3812	3888	rundll32.exe	rundll32.exe
PID 3888 wrote to memory of 3812	3888	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ekluozek.kwe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ekluozek.kwe.dll,#1
2⤵
PID:3812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3812-2-0x0000000000000000-mapping.dmp

Download