e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a | Triage

Analysis

max time kernel
90s
max time network
110s
platform
windows10_x64
resource
win10v20201028
submitted
12-11-2020 14:01

Sharing

Report Analysis Logs

General

Target

e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a.dll
Size

207KB
MD5

7bfda68885a682f0c73e950800e10f6d
SHA1

a84e2240161fc392c329bdd0d5fe2feb8805e3a1
SHA256

e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a
SHA512

c4d1f04cf1f422c714708278fc89da2a24054cb8f29fb99fa299c525db8547806b6ca36250d765036acd5fd596deb2745eb49eea1b1404cc49f5ae0cc2b7ddd5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 728 wrote to memory of 1496	728	rundll32.exe	rundll32.exe
PID 728 wrote to memory of 1496	728	rundll32.exe	rundll32.exe
PID 728 wrote to memory of 1496	728	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:728

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5cd425a6e6062b28f7dab5b8000d4eafe5eb1fecde49b0339705664731a4a2a.dll,#1
2⤵
PID:1496

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1496-0-0x0000000000000000-mapping.dmp

Download