2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5 | Triage

Analysis

max time kernel
8s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
18-01-2022 22:49

Sharing

Report Analysis Logs

General

Target

2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5.dll
Size

631KB
MD5

8d5c6e4740c3d5bfd4af757183c6d4eb
SHA1

c9a71d57e1a35b09710753bed9e487d62b37e853
SHA256

2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5
SHA512

3285875126af8c441a2a7d97d62cb128ff827aae313d4b652ef06632e6b6961e6aba71d4d870e27d7995c030ae5d295f802dae28b250550d195bfb0531d23cfa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2900 wrote to memory of 2912	2900	rundll32.exe	rundll32.exe
PID 2900 wrote to memory of 2912	2900	rundll32.exe	rundll32.exe
PID 2900 wrote to memory of 2912	2900	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2900

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5.dll,#1
2⤵
PID:2912

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...