4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a | Triage

Analysis

max time kernel
2s
max time network
27s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
05-02-2022 16:01

Sharing

Report Analysis Logs

General

Target

4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a.dll
Size

877KB
MD5

4773b4f06e91d998f15f56986eca1c04
SHA1

47bd5aa4356028de73fde18268e4891bf7ec5aae
SHA256

4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a
SHA512

6709ee7c50729eab38b0ab6fc72948fa66458c277d9109e605824105827db87d9c34e7559c4a9a7c7e2f3908f8c4ac49be587e9210928c99757a600a3b9d3c77

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2760 wrote to memory of 3212	2760	rundll32.exe	rundll32.exe
PID 2760 wrote to memory of 3212	2760	rundll32.exe	rundll32.exe
PID 2760 wrote to memory of 3212	2760	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2760

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a.dll,#1
2⤵
PID:3212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...