15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312 | Triage

Analysis

max time kernel
120s
max time network
141s
platform
windows10_x64
resource
win10-en-20211208
submitted
30-01-2022 08:00

Sharing

Report Analysis Logs

General

Target

15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312.dll
Size

164KB
MD5

7e0c6108b57e5bec6f7bf6b477b9dbec
SHA1

211401c761b575ac6b2e2d6839261a5d9b51a400
SHA256

15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312
SHA512

7a6a593aa90e4147270645d4d65d633c62fa7765269930df88f2f0764a53d107259c3eb9a720177875a252c9ca531eb5897c733d2e7d97f4603cd4e1cd7f14ba

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3912 wrote to memory of 3280	3912	rundll32.exe	rundll32.exe
PID 3912 wrote to memory of 3280	3912	rundll32.exe	rundll32.exe
PID 3912 wrote to memory of 3280	3912	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3912

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312.dll,#1
2⤵
PID:3280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...