b83f24c6503b8ca75beea28f0992d819ff195463c8629bb5c69b82e6c03aa4c3 | Triage

Analysis

max time kernel
12s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
19-01-2022 15:54

Sharing

Report Analysis Logs

General

Target

24f1a3db1a108d35950cb15bd93dd13c4455f13b.dll
Size

644KB
MD5

259bda03244a5c9077b39d0632ba829e
SHA1

24f1a3db1a108d35950cb15bd93dd13c4455f13b
SHA256

b83f24c6503b8ca75beea28f0992d819ff195463c8629bb5c69b82e6c03aa4c3
SHA512

f1053c863125f918accd1e2fb5211773313defc6a2dec607eca4041e73f7307058193e6291fc7c2c66125ebc3ee61e451e217148f463b7bfdcebcd3125cc05a7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1324 wrote to memory of 1400	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1400	1324	rundll32.exe	rundll32.exe
PID 1324 wrote to memory of 1400	1324	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\24f1a3db1a108d35950cb15bd93dd13c4455f13b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\24f1a3db1a108d35950cb15bd93dd13c4455f13b.dll,#1
2⤵
PID:1400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...