aa01d9951003a150e3d597fb6fa9e7fb91513ea2ddfa81096c3d10199ca78c70 | Triage

Analysis

max time kernel
13s
max time network
112s
platform
windows10_x64
resource
win10v20201028
submitted
26-01-2021 23:54

Sharing

Report Analysis Logs

General

Target

aretmrytntm.sqj.dll
Size

330KB
MD5

824fd8be213246bef034dffc574a9579
SHA1

8254291e676e83e7ec92370e67ad0a08014ab52b
SHA256

a7979541a188f04dfa7f2981e0dcabc700da73422ce7ce43c9fce5896eb5085c
SHA512

51e481347ea6d415657c8f1bd05440d0b01dfe1e42b1df93d0afa0a0b6ee0e7d12cd4d017f6234863554da853f2ab309c25fdf3952eb432a756a31a1c8cb6f98

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 816 wrote to memory of 1028	816	rundll32.exe	rundll32.exe
PID 816 wrote to memory of 1028	816	rundll32.exe	rundll32.exe
PID 816 wrote to memory of 1028	816	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aretmrytntm.sqj.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:816

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aretmrytntm.sqj.dll,#1
2⤵
PID:1028

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1028-2-0x0000000000000000-mapping.dmp

Download