cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d | Triage

Analysis

max time kernel
142s
max time network
159s
platform
windows10_x64
resource
win10-en-20211208
submitted
24-01-2022 03:23

Sharing

Report Analysis Logs

General

Target

cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d.dll
Size

207KB
MD5

721254f41286717aa1cd9d7d652a9fa1
SHA1

b48e7a639d2e51e2ae2efdebb0723fe1f8dd84e6
SHA256

cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d
SHA512

5aae8ff3790085e98ec5c20719f15b70b8e225c105ae0f284c0a3d89d6fbb4c93153c8286523ddc0dad371d6a1bc4544718017919a87af456f7376ed129337cb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3620 wrote to memory of 3644	3620	rundll32.exe	rundll32.exe
PID 3620 wrote to memory of 3644	3620	rundll32.exe	rundll32.exe
PID 3620 wrote to memory of 3644	3620	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3620

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d.dll,#1
2⤵
PID:3644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...