f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a | Triage

Analysis

max time kernel
3s
max time network
15s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
05-02-2022 08:12

Sharing

Report Analysis Logs

General

Target

f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a.dll
Size

581KB
MD5

0e46dbfab22c5844c4a72412ab09b42c
SHA1

3f5e160e703675cb5e95b8e9dbc85ef61ad08386
SHA256

f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a
SHA512

40afefb607db78b8d998d34bcb89140f95f681238a0def8e7afed1004059b3ca10e21b7997e9f5c8deee0263ea908b78df86228c167fa3ada60d30dd471983b6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4732 wrote to memory of 4952	4732	rundll32.exe	rundll32.exe
PID 4732 wrote to memory of 4952	4732	rundll32.exe	rundll32.exe
PID 4732 wrote to memory of 4952	4732	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4732

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a.dll,#1
2⤵
PID:4952

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...