0ac26bcdb018bdfdd9bea73289bda0f84836c3eb55440a8d4c2673ceb6f06100 | Triage

Analysis

max time kernel
13s
max time network
135s
platform
windows10_x64
resource
win10v20201028
submitted
20-11-2020 22:55

Sharing

Report Analysis Logs

General

Target

3ae02fc1fdb653997eeb9303305f1ec35dbb87eb603b573bd94895f35542f1a8.dll
Size

168KB
MD5

0a0aae4b62caf33b4e75c1324bbb58d1
SHA1

364deb73b31b77824315963f95f1ecdf0684b600
SHA256

3ae02fc1fdb653997eeb9303305f1ec35dbb87eb603b573bd94895f35542f1a8
SHA512

e1aa2ccbbab36218ad54334adfc2071709c6d6a9b71154ba6276e9eac9958a08d4a2602985030448752d21d12dd49685121d1563d019aa2abde2636238ca359b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 508 wrote to memory of 356	508	rundll32.exe	rundll32.exe
PID 508 wrote to memory of 356	508	rundll32.exe	rundll32.exe
PID 508 wrote to memory of 356	508	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ae02fc1fdb653997eeb9303305f1ec35dbb87eb603b573bd94895f35542f1a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:508

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ae02fc1fdb653997eeb9303305f1ec35dbb87eb603b573bd94895f35542f1a8.dll,#1
2⤵
PID:356

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/356-0-0x0000000000000000-mapping.dmp

Download