ab008ebf48d745343ceb220831f7c90dbc9bb75df422100cb8a60d57de13a1bb | Triage

Analysis

max time kernel
16s
max time network
115s
platform
windows10_x64
resource
win10v20201028
submitted
30-03-2021 11:37

Sharing

Report Analysis Logs

General

Target

2c4b454fe37acdb7c23d75924d4ffcda2943c0622d9d371c5c70717a242499d6.dll
Size

565KB
MD5

95b536fb9392bd5d9a1d15d716670e38
SHA1

25ed58002bcffd06d0a1c028b4a3ef07a9d6805f
SHA256

2c4b454fe37acdb7c23d75924d4ffcda2943c0622d9d371c5c70717a242499d6
SHA512

9cc7c205d8a9db1db827b5732811202d666563b8a2241700883e7de745cb6bae236be0f5621894c644414065f3000829729fa197cbca436360a6e2b5f5698809

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 812 wrote to memory of 1560	812	rundll32.exe	rundll32.exe
PID 812 wrote to memory of 1560	812	rundll32.exe	rundll32.exe
PID 812 wrote to memory of 1560	812	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c4b454fe37acdb7c23d75924d4ffcda2943c0622d9d371c5c70717a242499d6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:812

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c4b454fe37acdb7c23d75924d4ffcda2943c0622d9d371c5c70717a242499d6.dll,#1
2⤵
PID:1560

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1560-2-0x0000000000000000-mapping.dmp

Download