6a3bad3772d7c915670fc4f4ec7f7fd859ce290f003a1c1712f212a69f53775d | Triage

Analysis

max time kernel
14s
max time network
110s
platform
windows10_x64
resource
win10v20201028
submitted
29-01-2021 12:29

Sharing

Report Analysis Logs

General

Target

pol.exe.dll
Size

330KB
MD5

8abc46f4ec219b16a01efb6d821a8b35
SHA1

88ba80faffe4d8a3b8e278c42918a7deab346346
SHA256

6a3bad3772d7c915670fc4f4ec7f7fd859ce290f003a1c1712f212a69f53775d
SHA512

6abbe3406beadb839d2af455bddd8a94b0a402b0048b2d2c2a8b58d4af5d452b6145872a91449fcf7740bc6d0e40f24496730c5d5ddeedfb260f2b8ead230bfd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3928 wrote to memory of 744	3928	rundll32.exe	rundll32.exe
PID 3928 wrote to memory of 744	3928	rundll32.exe	rundll32.exe
PID 3928 wrote to memory of 744	3928	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pol.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3928

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pol.exe.dll,#1
2⤵
PID:744

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/744-2-0x0000000000000000-mapping.dmp

Download