5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e | Triage

Analysis

max time kernel
6s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 06:21

Sharing

Report Analysis Logs

General

Target

5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll
Size

489KB
MD5

773ddf5b1f3c6aed86f5a6d5e47d6cf0
SHA1

6b78117fdebf7ecd999bed5c80c1eedad38d7307
SHA256

5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e
SHA512

b93ffe3295f70b0e6983e2464809586bae36f46057728a1118f0e55ab5aa41e8e8bf598d32075ea6250136332fe3fce2ec62a183d1a549b811bfac44177d1d08

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3576 wrote to memory of 3208	3576	rundll32.exe	rundll32.exe
PID 3576 wrote to memory of 3208	3576	rundll32.exe	rundll32.exe
PID 3576 wrote to memory of 3208	3576	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3576

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll,#1
2⤵
PID:3208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...