af62641d0be903ea60f9e26caf913f886b21460f7ccacab2df809e6de0a72dbf | Triage

Analysis

max time kernel
18s
max time network
19s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 04:31

Sharing

Report Analysis Logs

General

Target

af62641d0be903ea60f9e26caf913f886b21460f7ccacab2df809e6de0a72dbf.dll
Size

454KB
MD5

6a996ad9b92e21065fa2e482281eaa58
SHA1

2c058d0ffd86f97a666e84a24e5be373128ab1d1
SHA256

af62641d0be903ea60f9e26caf913f886b21460f7ccacab2df809e6de0a72dbf
SHA512

ca7c4eb14f41f156af235472d86951ef8deea2c2329452fa89a1a3928482c73aa81664c4862ec4c9b5486ab803d69d67a1e6d7ef5975e9f45cb5c20059f48b95

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2164 wrote to memory of 2364	2164	rundll32.exe	rundll32.exe
PID 2164 wrote to memory of 2364	2164	rundll32.exe	rundll32.exe
PID 2164 wrote to memory of 2364	2164	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af62641d0be903ea60f9e26caf913f886b21460f7ccacab2df809e6de0a72dbf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2164

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af62641d0be903ea60f9e26caf913f886b21460f7ccacab2df809e6de0a72dbf.dll,#1
2⤵
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...