38c7f18680f90c69c1d6d5c725f534d5b2b85de35fe65ea433fafac03561669a | Triage

Analysis

max time kernel
136s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 11:43

Sharing

Report Analysis Logs

General

Target

Adobelm.dll
Size

2.7MB
MD5

8fc4465bac0fa6a1f9fba98a98e8cf56
SHA1

200133e4d660706d2a89f4d62089aa37b0cc9e8a
SHA256

78c06d15a2ff1a6b121508bdef2b22fdce7c52f3ac8175266e526cf032a923fc
SHA512

934b0533622dd4373107cad4429f908a53d23e04bab38f93e1279f12560c90efeb82bcd876348da2dab3e1abe75aa5c23dd895f65b3c85e63dbbb35c45b66e1b
SSDEEP

49152:RJ4JHOGGLGLTwTZaO2NqkunkJDc8+wpQWk2mVwfrr56dJLpQQIt:34dOEO2NZ0bOgd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 4768	4796	rundll32.exe	47
PID 4796 wrote to memory of 4768	4796	rundll32.exe	47
PID 4796 wrote to memory of 4768	4796	rundll32.exe	47

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Adobelm.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Adobelm.dll,#1
  2⤵
  PID:4768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads