ca4214e15181e52923f713771455f5709e4baa13626cad85b735734cf66d36db | Triage

Analysis

max time kernel
40s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 09:14

Sharing

Report Analysis Logs

General

Target

ca4214e15181e52923f713771455f5709e4baa13626cad85b735734cf66d36db.dll
Size

281KB
MD5

f3362eae787c09d8061194591dee0727
SHA1

cc5fe51c5b35dcef50b5adfc730b1354ae124bab
SHA256

ca4214e15181e52923f713771455f5709e4baa13626cad85b735734cf66d36db
SHA512

e0ba969db9b0c217c25246695186b53734a4e502765f73d018f91480cc2120fe2472c3a9931bbee998660afd558c54a79b81a80ab32ae59115107084ab7d0de0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4452 wrote to memory of 4816	4452	rundll32.exe	rundll32.exe
PID 4452 wrote to memory of 4816	4452	rundll32.exe	rundll32.exe
PID 4452 wrote to memory of 4816	4452	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca4214e15181e52923f713771455f5709e4baa13626cad85b735734cf66d36db.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4452

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca4214e15181e52923f713771455f5709e4baa13626cad85b735734cf66d36db.dll,#1
2⤵
PID:4816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4816-130-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4816-131-0x0000000000401000-0x0000000000445000-memory.dmp

Filesize
272KB

Download