ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7 | Triage

Analysis

max time kernel
88s
max time network
112s
platform
windows10_x64
resource
win10v20201028
submitted
10-11-2020 20:41

Sharing

Report Analysis Logs

General

Target

ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7.bin.dll
Size

152KB
MD5

91a56986866c5991969d52932c655d8b
SHA1

dbe55a78b9fae7fe6441490a9e98a8b99bac68ee
SHA256

ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7
SHA512

c5843d3f5e329a92dfeb4f53c8240ce443927e54670762fff22a2b428debbe47316a7da33b3b37b837aba14b881c2fbc718dab7536323308817d315953a94044

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 424 wrote to memory of 672	424	rundll32.exe	rundll32.exe
PID 424 wrote to memory of 672	424	rundll32.exe	rundll32.exe
PID 424 wrote to memory of 672	424	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7.bin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:424

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccf835fbf85c0d1f433e70bb96d1c87504a228b6ca3b973e240e35073d9d86a7.bin.dll,#1
2⤵
PID:672

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/672-0-0x0000000000000000-mapping.dmp

Download