3787d90c7fa9f7b2803b904476eff287d4f59d1fe550f248250e84ca8885065f | Triage

Analysis

max time kernel
90s
max time network
91s
platform
windows10_x64
resource
win10v20201028
submitted
24-03-2021 15:46

Sharing

Report Analysis Logs

General

Target

cYg4dkuO.dll
Size

688KB
MD5

1da1b1f1037bacd1fe8e017a5d52e727
SHA1

b9b6463219a19632299c5e0fb76715753b6ddd0e
SHA256

3787d90c7fa9f7b2803b904476eff287d4f59d1fe550f248250e84ca8885065f
SHA512

9ff5622658a9d5c1f679a4783d2f4a4b340838fc24fbcc5e1856d74ce7e9d5b90280b5cd1b96e7be40c87406d7e0c0d2c2e6a51b786b6c29d069b23f0287a5f4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 540 wrote to memory of 488	540	rundll32.exe	rundll32.exe
PID 540 wrote to memory of 488	540	rundll32.exe	rundll32.exe
PID 540 wrote to memory of 488	540	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cYg4dkuO.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cYg4dkuO.dll,#1
  2⤵
  PID:488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/488-2-0x0000000000000000-mapping.dmp

Download
memory/488-3-0x00000000045C1000-0x000000000462F000-memory.dmp

Filesize
440KB

Download
memory/488-4-0x0000000000D60000-0x0000000000D61000-memory.dmp

Filesize
4KB

Download