adfde0367ba639980632da58a5444005.dll

General
Target

adfde0367ba639980632da58a5444005.dll

Filesize

429KB

Completed

07-10-2020 04:35

Score

1/10

MD5

adfde0367ba639980632da58a5444005

SHA1

451dd7d059eb7fd22bb7bb46e64de0a1436e6dc3

SHA256

191bbf8eafbe5dfcf56bb139f36d44724bdb9fd1e708cd29dfd2d7b2b916f9f2

Malware Config
Signatures 1

  • Suspicious use of WriteProcessMemory
    rundll32.exe

    Reported IOCs

    description                        pid   process       target process
    PID 1420 wrote to memory of 1052   1420  rundll32.exe  rundll32.exe
    PID 1420 wrote to memory of 1052   1420  rundll32.exe  rundll32.exe
    PID 1420 wrote to memory of 1052   1420  rundll32.exe  rundll32.exe
    PID 1420 wrote to memory of 1052   1420  rundll32.exe  rundll32.exe
    PID 1420 wrote to memory of 1052   1420  rundll32.exe  rundll32.exe
    PID 1420 wrote to memory of 1052   1420  rundll32.exe  rundll32.exe
    PID 1420 wrote to memory of 1052   1420  rundll32.exe  rundll32.exe
Processes 2
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\adfde0367ba639980632da58a5444005.dll,#1
    Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\adfde0367ba639980632da58a5444005.dll,#1
      PID:1052
Network
MITRE ATT&CK Matrix
    Collection
    Command and Control
    Credential Access
    Defense Evasion
    Discovery
    Execution
    Exfiltration
    Impact
    Initial Access
    Lateral Movement
    Persistence
    Privilege Escalation
Downloads
  • memory/1052-0-0x0000000000000000-mapping.dmp