ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591 | Triage

Analysis

max time kernel
7s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
05-02-2022 10:53

Sharing

Report Analysis Logs

General

Target

ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591.dll
Size

161KB
MD5

6015bbeee416d93df03e4f7c3f7c2f96
SHA1

8f26971ca886eec445006442322f656a7f27313a
SHA256

ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591
SHA512

d70d75452b28d6dbba2d182f1d4b3134d80c4fa952b394a707d8a84a01c6d90fa4f422ea617ead7ea3dfbe4b2ad2a3b53e0752044c0dadfc252bc4f4ff84980b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1276 wrote to memory of 3124	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 3124	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 3124	1276	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1276

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591.dll,#1
2⤵
PID:3124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...