f9bcbed5761445d15ca43d77479b137c0df27fd4a97afb56a676424fd0b5827e | Triage

Analysis

max time kernel
2s
max time network
6s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
18-01-2022 11:55

Sharing

Report Analysis Logs

General

Target

dexd.ocx.dll
Size

647KB
MD5

646c64211ce83eec01832b5c8bd12cab
SHA1

e4213cf1d523a05eccd1f9b788120c9ee0e81bdf
SHA256

f9bcbed5761445d15ca43d77479b137c0df27fd4a97afb56a676424fd0b5827e
SHA512

ebf5a042620a3ba0bab0c535fc13dfe6a5dd8c1858a09870bcdec4f9225e23314460f9bec307f6b7ab707b4020ae47f44e40a6852c11424199264dc798eba1bb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1232 wrote to memory of 3812	1232	rundll32.exe	rundll32.exe
PID 1232 wrote to memory of 3812	1232	rundll32.exe	rundll32.exe
PID 1232 wrote to memory of 3812	1232	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dexd.ocx.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1232

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dexd.ocx.dll,#1
2⤵
PID:3812

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...