ad286a9ef63c68763548711b695d7882ad520544be58b0f6c518591ce96bfe88 | Triage

Analysis

max time kernel
168s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
23-05-2022 20:41

Sharing

Report Analysis Logs

General

Target

ad286a9ef63c68763548711b695d7882ad520544be58b0f6c518591ce96bfe88.dll
Size

499KB
MD5

78e9678410027e275631ccc725c30904
SHA1

29b43321cc43a815a0bd8f253e446198875dea3f
SHA256

ad286a9ef63c68763548711b695d7882ad520544be58b0f6c518591ce96bfe88
SHA512

7aaf15af07888dcced8d34a8cc73df1e6de36e78fc89bbcc4405bca4d9f3768797764d35458514901eeb0caec601ef79f160a6b12693999ba70492bcf232c948

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2308 wrote to memory of 464	2308	rundll32.exe	rundll32.exe
PID 2308 wrote to memory of 464	2308	rundll32.exe	rundll32.exe
PID 2308 wrote to memory of 464	2308	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad286a9ef63c68763548711b695d7882ad520544be58b0f6c518591ce96bfe88.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2308

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad286a9ef63c68763548711b695d7882ad520544be58b0f6c518591ce96bfe88.dll,#1
2⤵
PID:464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/464-130-0x0000000000000000-mapping.dmp

Download
memory/464-132-0x0000000000D10000-0x0000000000D33000-memory.dmp

Filesize
140KB

Download
memory/464-131-0x0000000000C60000-0x0000000000C93000-memory.dmp

Filesize
204KB

Download