a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9 | Triage

Analysis

max time kernel
145s
max time network
146s
platform
windows10_x64
resource
win10v20201028
submitted
10-11-2020 07:28

Sharing

Report Analysis Logs

General

Target

a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9.dll
Size

207KB
MD5

9ccfa0e7d6b52e7284c543bdc3930a99
SHA1

2f31b4fe64966c981c6d38bfbf41f1500d5c9864
SHA256

a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9
SHA512

648d3b234fa7aab8105ad8c9647af028e304569b9d2abc7a1b2d7fb44bab9b77a09e32b2b5e3aa85a22502eeb0b1fb2116231b368c87353fc9d90589a1025da8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 640 wrote to memory of 356	640	rundll32.exe	rundll32.exe
PID 640 wrote to memory of 356	640	rundll32.exe	rundll32.exe
PID 640 wrote to memory of 356	640	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:640

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8de4fb046ca1a5b1ce38b0e3b6d59a7c6239a2ce65375904b2b9b3cdfd461a9.dll,#1
2⤵
PID:356

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/356-0-0x0000000000000000-mapping.dmp

Download