8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45 | Triage

Resubmissions

22-01-2021 10:18

210122-ca3rsnyfea 10

22-01-2021 10:16

210122-6qpcx3d83a 1

22-01-2021 09:44

210122-77epvbyd4j 10

22-01-2021 08:12

210122-xw5q2lt71e 1

Analysis

max time kernel
60s
max time network
62s
platform
windows10_x64
resource
win10v20201028
submitted
22-01-2021 10:16

Sharing

Report Analysis Logs

General

Target

8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45.dll
Size

340KB
MD5

87ab0405dd92650067542696ee0c2c98
SHA1

204e0200e2c648edf70d90472e0b6c4b15bc58c8
SHA256

8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45
SHA512

2fbb98040f88eb7d3f34157372db49fb7ee933bd63a59d74b1fd91d8ec0eaf065aa8cd69851ec75c2c379e174a3eaaf9d630f847bc525ba61fc127a68454e2d2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3884 wrote to memory of 3192	3884	rundll32.exe	rundll32.exe
PID 3884 wrote to memory of 3192	3884	rundll32.exe	rundll32.exe
PID 3884 wrote to memory of 3192	3884	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3884

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45.dll,#1
2⤵
PID:3192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3192-2-0x0000000000000000-mapping.dmp

Download