965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3 | Triage

Analysis

max time kernel
12s
max time network
111s
platform
windows10_x64
resource
win10v20201028
submitted
23-03-2021 18:04

Sharing

Report Analysis Logs

General

Target

965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3.dll
Size

150KB
MD5

b2dc3a104d18f1a899d67fcd69fc0c5b
SHA1

b5306f3e9d4a86d518cd4433a1eae65151775384
SHA256

965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3
SHA512

d6d2f900a6095a895894bc50074bc2dde40aafd304f1e3078958d721b373f525201e979162ce64e81dce256779162c1a853dfc6909af47b4304da5daa1cc042b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4012 wrote to memory of 4088	4012	rundll32.exe	rundll32.exe
PID 4012 wrote to memory of 4088	4012	rundll32.exe	rundll32.exe
PID 4012 wrote to memory of 4088	4012	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4012

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\965e8a6c0b646352406ea5deb665a38606670c9163e12af2684dba436ae9fff3.dll,#1
2⤵
PID:4088

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4088-2-0x0000000000000000-mapping.dmp

Download