c8f8edd8870c3117cc3e80b54e99576da02fd17a521e4cf85c10185d45b2c708 | Triage

Analysis

max time kernel
123s
max time network
169s
platform
windows10_x64
resource
win10-en-20211104
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

c8f8edd8870c3117cc3e80b54e99576da02fd17a521e4cf85c10185d45b2c708.dll
Size

64KB
MD5

22f4fe52068b39774d43a87114236586
SHA1

6b6c060e341fc4d840a29fbeeb20aae395a121e3
SHA256

c8f8edd8870c3117cc3e80b54e99576da02fd17a521e4cf85c10185d45b2c708
SHA512

e9d72149addb5cfae21bbb376c23471fde57f1dd07ae6ab1e3234189f25de6e641781a0c2374ba2231f37abc9b1d7001929b15c672aa0f23fd9eba8e696f73b3

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
26	8	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 8	4056	rundll32.exe	69
PID 4056 wrote to memory of 8	4056	rundll32.exe	69
PID 4056 wrote to memory of 8	4056	rundll32.exe	69

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8f8edd8870c3117cc3e80b54e99576da02fd17a521e4cf85c10185d45b2c708.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8f8edd8870c3117cc3e80b54e99576da02fd17a521e4cf85c10185d45b2c708.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:8

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads