03339ad3c87e35a6a0e59ace83ca82f0d37af9a858f3b25dab14b7ae8053835a | Triage

Analysis

max time kernel
10s
max time network
15s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
18-01-2022 22:49

Sharing

Report Analysis Logs

General

Target

03339ad3c87e35a6a0e59ace83ca82f0d37af9a858f3b25dab14b7ae8053835a.dll
Size

633KB
MD5

5a26d9ae9c7e910b86efcd6979f7ded6
SHA1

f346145ac18ff4b2328db6ded32daa2cf070225a
SHA256

03339ad3c87e35a6a0e59ace83ca82f0d37af9a858f3b25dab14b7ae8053835a
SHA512

de48a226caa8d46bd9f8fc957c84d72a8a5fcabfba64695d93c58fdd184844b50716b61df70bf3225ca99a15a2195de210af2e2f59fd74f7f1d78cbe65b3e265

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3692 wrote to memory of 3668	3692	rundll32.exe	rundll32.exe
PID 3692 wrote to memory of 3668	3692	rundll32.exe	rundll32.exe
PID 3692 wrote to memory of 3668	3692	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03339ad3c87e35a6a0e59ace83ca82f0d37af9a858f3b25dab14b7ae8053835a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03339ad3c87e35a6a0e59ace83ca82f0d37af9a858f3b25dab14b7ae8053835a.dll,#1
2⤵
PID:3668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...