e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448 | Triage

Analysis

max time kernel
2s
max time network
28s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
05-02-2022 08:45

Sharing

Report Analysis Logs

General

Target

e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448.dll
Size

873KB
MD5

4999aaea3e94b8cebf6f7c85c0e70f87
SHA1

89198a1da32b1aedf70e9a113269b25c0abada82
SHA256

e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448
SHA512

2cbf48afd27075f2650f78b1f1414f27b0561590e4f142745f7ab326ca29edf22f9b53f1fe127ff9500285a9752ccc9579de525532f417cf3c638a3b5368eec4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1260 wrote to memory of 612	1260	rundll32.exe	rundll32.exe
PID 1260 wrote to memory of 612	1260	rundll32.exe	rundll32.exe
PID 1260 wrote to memory of 612	1260	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448.dll,#1
2⤵
PID:612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...