a240d581a1bf7b126aa030b1c796e013febb2145da16dd4d4842e5c3502943d7 | Triage

Analysis

max time kernel
38s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 09:36

Sharing

Report Analysis Logs

General

Target

a240d581a1bf7b126aa030b1c796e013febb2145da16dd4d4842e5c3502943d7.dll
Size

529KB
MD5

ef0854d5e9d04be20e6676738096a021
SHA1

efa00fb74bd6f635cfd4400df3c56fa35caae10f
SHA256

a240d581a1bf7b126aa030b1c796e013febb2145da16dd4d4842e5c3502943d7
SHA512

fa16a0228ecbc26621a1cb0cc5177c39498083839d60e6aafbec184427a8fab87f031aa0187d4b9c42cef17ac6e9e7b4fb5c9103b75278cd6094b36d49afca20

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1748 wrote to memory of 1940	1748	rundll32.exe	rundll32.exe
PID 1748 wrote to memory of 1940	1748	rundll32.exe	rundll32.exe
PID 1748 wrote to memory of 1940	1748	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a240d581a1bf7b126aa030b1c796e013febb2145da16dd4d4842e5c3502943d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1748

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a240d581a1bf7b126aa030b1c796e013febb2145da16dd4d4842e5c3502943d7.dll,#1
2⤵
PID:1940

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...