db1320b53ae8e0de5a262ec93742a8f8ef65dd57955b724b39d691e0538de465 | Triage

Analysis

max time kernel
119s
max time network
142s
platform
windows10_x64
resource
win10-en-20211208
submitted
24-01-2022 00:54

Sharing

Report Analysis Logs

General

Target

db1320b53ae8e0de5a262ec93742a8f8ef65dd57955b724b39d691e0538de465.dll
Size

164KB
MD5

334d1fb660cca4c7175dc3ad17358052
SHA1

c986d2ff01dd321b32076c75b8f492931e31e7c1
SHA256

db1320b53ae8e0de5a262ec93742a8f8ef65dd57955b724b39d691e0538de465
SHA512

8da4357907af0e07d3f560aeaf6959f4e12e63d52bd133d1b872a193368876685d1d18ee7c626358ec55cd60d9122a23d444051bb79f07eb3a0e1321193ea4a8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2544 wrote to memory of 2612	2544	rundll32.exe	rundll32.exe
PID 2544 wrote to memory of 2612	2544	rundll32.exe	rundll32.exe
PID 2544 wrote to memory of 2612	2544	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db1320b53ae8e0de5a262ec93742a8f8ef65dd57955b724b39d691e0538de465.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2544

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db1320b53ae8e0de5a262ec93742a8f8ef65dd57955b724b39d691e0538de465.dll,#1
2⤵
PID:2612

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...