e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6 | Triage

Analysis

max time kernel
139s
max time network
156s
platform
windows10_x64
resource
win10-en-20211208
submitted
24-01-2022 00:49

Sharing

Report Analysis Logs

General

Target

e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6.dll
Size

115KB
MD5

b1ab213d39522915097480cb41fde381
SHA1

42ad57e1377142f10372a36d996ce9f47cafeb43
SHA256

e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6
SHA512

f29d7578f0c859ac67f766d51b6824e8afd92a61aac32d630481adabc521350085924919c713ab992aaeac81b77a15314578d29858bba9bf7770273e09791895

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4056 wrote to memory of 1900	4056	rundll32.exe	rundll32.exe
PID 4056 wrote to memory of 1900	4056	rundll32.exe	rundll32.exe
PID 4056 wrote to memory of 1900	4056	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4056

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6.dll,#1
2⤵
PID:1900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...