ce13731f3fd88c6cf67b6134da97ee3afddd266ed41527f0db47e0d1a75503e1 | Triage

Analysis

max time kernel
5s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:40

Sharing

Report Analysis Logs

General

Target

ce13731f3fd88c6cf67b6134da97ee3afddd266ed41527f0db47e0d1a75503e1.dll
Size

184KB
MD5

9adee1afc84966c9f8cd5f8347ca7a3e
SHA1

9afe4927498b1ac84af62f532ccaef0ed2052578
SHA256

ce13731f3fd88c6cf67b6134da97ee3afddd266ed41527f0db47e0d1a75503e1
SHA512

5e733b693d1dab0e06572c67b5f86f5bb9d05f5260566d6d87510ff45091e11ee871b4a6c9d706d7c0dc48800c01caadf95b38627c8a57dd0154e925a4418d0e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1812 wrote to memory of 1300	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1300	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1300	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1300	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1300	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1300	1812	rundll32.exe	rundll32.exe
PID 1812 wrote to memory of 1300	1812	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ce13731f3fd88c6cf67b6134da97ee3afddd266ed41527f0db47e0d1a75503e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1812

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ce13731f3fd88c6cf67b6134da97ee3afddd266ed41527f0db47e0d1a75503e1.dll,#1
2⤵
PID:1300

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1300-2-0x0000000000000000-mapping.dmp

Download
memory/1300-3-0x0000000076241000-0x0000000076243000-memory.dmp

Filesize
8KB

Download