dd8b18f31dcfa89865629c0264283f6631d38d535b077a8afb3c55d8b677075c | Triage

Resubmissions

17-01-2022 21:34

220117-1e5j4adbhp 10

14-01-2022 18:58

220114-xmj2ksacdn 10

Analysis

max time kernel
4264951s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
17-01-2022 21:34

Sharing

Report Analysis Logs

General

Target

q.dll
Size

1.3MB
MD5

9ad3a0d8b2064d12a9098952c7ac3ee2
SHA1

bf59513b280b6a3d4fb7bf6c5c2836fa6d5ee4a2
SHA256

dd8b18f31dcfa89865629c0264283f6631d38d535b077a8afb3c55d8b677075c
SHA512

7a7e152c08889e399af1e126efa3f74638d2273ffecc8e779d752052bf75e2288b915909cd4d633045be9cb02bb84b948a82b958e1f8bdba200787320d23374e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 116 wrote to memory of 1844	116	rundll32.exe	rundll32.exe
PID 116 wrote to memory of 1844	116	rundll32.exe	rundll32.exe
PID 116 wrote to memory of 1844	116	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\q.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:116

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\q.dll,#1
2⤵
PID:1844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1844-130-0x0000000000000000-mapping.dmp

Download