32678a6c7491efd5e670852b9fd1f20003fc9b0be4a86c3e275cbeabd797b980 | Triage

Analysis

max time kernel
134s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 11:41

Sharing

Report Analysis Logs

General

Target

AdaptiveCards.dll
Size

881KB
MD5

3973b1e8defaf17b5facf61a577f29e8
SHA1

cced31b8a511d7167a3618fccdf4dd281ea403e3
SHA256

32678a6c7491efd5e670852b9fd1f20003fc9b0be4a86c3e275cbeabd797b980
SHA512

5f3b024a787f75f25a1a63b8c36d4cb597ffd1c75423ee553e3d20227784eb8d9aef14f95dbd3d6cf524302b918ef88f09cba852d4bd32d2bdb168e680b8ffc1
SSDEEP

12288:iVEruPoWiHQkGNqlG6JfxGjih/qHopBkqleiqFztg8TOLDILj:iVEvWcGNqzfCiIHoHkCQztgHLDILj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 1284	3732	rundll32.exe	82
PID 3732 wrote to memory of 1284	3732	rundll32.exe	82
PID 3732 wrote to memory of 1284	3732	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AdaptiveCards.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AdaptiveCards.dll,#1
  2⤵
  PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads