ab008ebf48d745343ceb220831f7c90dbc9bb75df422100cb8a60d57de13a1bb | Triage

Analysis

max time kernel
20s
max time network
70s
platform
windows10_x64
resource
win10v20201028
submitted
30-03-2021 11:37

Sharing

Report Analysis Logs

General

Target

03e7aaf552592613cd509fcb822068748e42eb876be969565c1d405b073ccbbb.dll
Size

8.1MB
MD5

a5788bdeab01701ed97c26fb0c686949
SHA1

78af3a0cf88ec3d3cfcc9fc8795a6400751b9d73
SHA256

03e7aaf552592613cd509fcb822068748e42eb876be969565c1d405b073ccbbb
SHA512

3e9e5a0ba730ada9fdb022026d51bdc9156a5332d53812ad8d281600c34c79ce35d7ffbf25d5b5809c258f9c27026fc4787cc149b394683c3bd5ab4a6b4d72ba

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 540 wrote to memory of 1336	540	rundll32.exe	rundll32.exe
PID 540 wrote to memory of 1336	540	rundll32.exe	rundll32.exe
PID 540 wrote to memory of 1336	540	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03e7aaf552592613cd509fcb822068748e42eb876be969565c1d405b073ccbbb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:540

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03e7aaf552592613cd509fcb822068748e42eb876be969565c1d405b073ccbbb.dll,#1
2⤵
PID:1336

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-2-0x0000000000000000-mapping.dmp

Download