88edb9fd9a15da9b29671b79314a83a26622102dd69fe82bc5fdda3abbfb73f6

General
Target

88edb9fd9a15da9b29671b79314a83a26622102dd69fe82bc5fdda3abbfb73f6.dll

Filesize

274KB

Completed

26-09-2021 13:15

Score
1/10
MD5

8f5524d454be8615579d44504d038061

SHA1

f71457d914864ba35a20ad6cbc7554bd3213f8aa

SHA256

88edb9fd9a15da9b29671b79314a83a26622102dd69fe82bc5fdda3abbfb73f6

Malware Config
Signatures 1

  • Suspicious use of WriteProcessMemory
    rundll32.exe

    Reported IOCs

    description                      pid   process        target process
    PID 664 wrote to memory of 836   664   rundll32.exe   rundll32.exe
    PID 664 wrote to memory of 836   664   rundll32.exe   rundll32.exe
    PID 664 wrote to memory of 836   664   rundll32.exe   rundll32.exe
Processes 2
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\88edb9fd9a15da9b29671b79314a83a26622102dd69fe82bc5fdda3abbfb73f6.dll,#1
    Suspicious use of WriteProcessMemory
    PID:664
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\88edb9fd9a15da9b29671b79314a83a26622102dd69fe82bc5fdda3abbfb73f6.dll,#1
      PID:836
Network
MITRE ATT&CK Matrix
Collection | Command and Control | Credential Access | Defense Evasion | Discovery | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation
Downloads
  • memory/836-114-0x0000000000000000-mapping.dmp
  • memory/836-115-0x0000000000400000-0x0000000000448000-memory.dmp