5f287d8b207645d9cfb47ff2aacb7ed2a6769fa14b1fe78c45a73efc73f0a84c | Triage

Analysis

max time kernel
37s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
01-02-2022 10:17

Sharing

Report Analysis Logs

General

Target

5f287d8b207645d9cfb47ff2aacb7ed2a6769fa14b1fe78c45a73efc73f0a84c.dll
Size

282KB
MD5

d4177e2e225f0ba2c3a4575db7ea1a13
SHA1

983b44349669b40d276a4647ff9d7c0338860985
SHA256

5f287d8b207645d9cfb47ff2aacb7ed2a6769fa14b1fe78c45a73efc73f0a84c
SHA512

7fcce384e32d12f75577af3044f430259b2e104e236d0306506f90b38544d39cbc980878e76f52984790db16b55ca3f3e9976f893e08831237010fd31df17e92

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1760 wrote to memory of 4464	1760	rundll32.exe	rundll32.exe
PID 1760 wrote to memory of 4464	1760	rundll32.exe	rundll32.exe
PID 1760 wrote to memory of 4464	1760	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f287d8b207645d9cfb47ff2aacb7ed2a6769fa14b1fe78c45a73efc73f0a84c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1760

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f287d8b207645d9cfb47ff2aacb7ed2a6769fa14b1fe78c45a73efc73f0a84c.dll,#1
2⤵
PID:4464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads