e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a | Triage

Analysis

max time kernel
7s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
05-02-2022 08:43

Sharing

Report Analysis Logs

General

Target

e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a.dll
Size

860KB
MD5

bba9ace9dc7cce4cac9439a43fa4c9a0
SHA1

8a66109684bfb149ae5f59adaceb380b040f1afc
SHA256

e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a
SHA512

49ab85bd8272bb8e54b93cb899af72cfaf169b0db39ac334d60e2e13daa1c393e6e7e563d308d002b9e9724a51740f6a860176885afcc1473fa9a04587134d82

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4052 wrote to memory of 4568	4052	rundll32.exe	rundll32.exe
PID 4052 wrote to memory of 4568	4052	rundll32.exe	rundll32.exe
PID 4052 wrote to memory of 4568	4052	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4052

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a.dll,#1
2⤵
PID:4568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...