adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957 | Triage

Analysis

max time kernel
43s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 09:30

Sharing

Report Analysis Logs

General

Target

adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957.dll
Size

275KB
MD5

285be226c4da6aa4a366aa7bdbafb23b
SHA1

a6c3594107c9fe781690ca7c9158d27c41d9ed53
SHA256

adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957
SHA512

9649fd35341413f525cb46175b682a40a081e56734672ce2f8fc76c845ad10a112ad5939cf3712b95cdf1addc3775eecdcd3c35e4854f41585f56613859b7545

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3580 wrote to memory of 1972	3580	rundll32.exe	rundll32.exe
PID 3580 wrote to memory of 1972	3580	rundll32.exe	rundll32.exe
PID 3580 wrote to memory of 1972	3580	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3580

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957.dll,#1
2⤵
PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...