e8ad4ddc36dec54760e602abbb063e3b510f8c80a05cf11c55449d9619323e61 | Triage

Analysis

max time kernel
83s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2022 02:11

Sharing

Report Analysis Logs

General

Target

e8ad4ddc36dec54760e602abbb063e3b510f8c80a05cf11c55449d9619323e61.dll
Size

164KB
MD5

d83ab2cc91c75eed094ce46c5d4920e8
SHA1

67f5f9961a0d2989e2e863b56e95543b476a7017
SHA256

e8ad4ddc36dec54760e602abbb063e3b510f8c80a05cf11c55449d9619323e61
SHA512

1882ca0c5d73c6e0e2c1ab7d8b15d81519e5c1cc8df34cd4857e9fc9165927c56b749e2a8c7e657eefddf6a15c45b8c8b31487cb984d1280bb3a951e04353ae6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1448 wrote to memory of 4496	1448	rundll32.exe	rundll32.exe
PID 1448 wrote to memory of 4496	1448	rundll32.exe	rundll32.exe
PID 1448 wrote to memory of 4496	1448	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8ad4ddc36dec54760e602abbb063e3b510f8c80a05cf11c55449d9619323e61.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8ad4ddc36dec54760e602abbb063e3b510f8c80a05cf11c55449d9619323e61.dll,#1
2⤵
PID:4496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4496-130-0x0000000000000000-mapping.dmp

Download