5f04c44de516e644115ad8094afbdab4b52ce6e46a848aeb7cf634ad471e4ac0 | Triage

Resubmissions

19-01-2022 09:52

220119-lv9resghbm 10

18-01-2022 12:03

220118-n8f3dabad3 10

18-01-2022 11:55

220118-n3rxpabab6 10

Analysis

max time kernel
2s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
18-01-2022 12:03

Sharing

Report Analysis Logs

General

Target

dexc.ocx.dll
Size

647KB
MD5

74335b83254eeff621dd7bea844eb859
SHA1

b004da994afd349eec84ef0a579ca9785f6f496d
SHA256

5f04c44de516e644115ad8094afbdab4b52ce6e46a848aeb7cf634ad471e4ac0
SHA512

edece82d4cb1a8c8d7f5d43ffa7920ff0cb8c61154c5b06d9b3d48a52b0a08a4ce0c0610957d1ca4d5ae6d99e4a4f441da3a2a56eec3e123666742c59905c44e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3720 wrote to memory of 3312	3720	rundll32.exe	rundll32.exe
PID 3720 wrote to memory of 3312	3720	rundll32.exe	rundll32.exe
PID 3720 wrote to memory of 3312	3720	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dexc.ocx.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3720

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dexc.ocx.dll,#1
2⤵
PID:3312

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...