ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a | Triage

Analysis

max time kernel
1s
max time network
6s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
20-01-2022 14:33

Sharing

Report Analysis Logs

General

Target

ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a.dll
Size

628KB
MD5

51f81eccac70d30d37eab17ebae9c02c
SHA1

30e4eb355e5fae3a7a61fa135fbad369fa95c446
SHA256

ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a
SHA512

254222657ba6e9b0af5198633e7eff683adc803380144a73f16391341728b8d27648beff4a97ec91b07b7cf7a5b43d5fc7576eb6c2f5eb2a11772f7f3a9324b6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 624 wrote to memory of 4032	624	rundll32.exe	rundll32.exe
PID 624 wrote to memory of 4032	624	rundll32.exe	rundll32.exe
PID 624 wrote to memory of 4032	624	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:624

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a.dll,#1
2⤵
PID:4032

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...