010770a88992f673ff6bfaefac10e94c388b80a650830a1ae72f3dfb0df20267 | Triage

Analysis

max time kernel
127s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
15-03-2022 10:41

Sharing

Report Analysis Logs

General

Target

010770a88992f673ff6bfaefac10e94c388b80a650830a1ae72f3dfb0df20267.dll
Size

276KB
MD5

344ef76867f8654c37cc02320c49b0e1
SHA1

c6be88bb71386a4b56070d2c59fbb780a790dfa1
SHA256

010770a88992f673ff6bfaefac10e94c388b80a650830a1ae72f3dfb0df20267
SHA512

6fd18cae67ae56fa4ae7d42cbec0ee2c81ebe7ca584a41e1446592b4088b72f3cf2c208ae7569e5af0ee86e4b1edd90e5d50d7a2aaacf8033240e461944ec4f6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4556 wrote to memory of 3216	4556	rundll32.exe	rundll32.exe
PID 4556 wrote to memory of 3216	4556	rundll32.exe	rundll32.exe
PID 4556 wrote to memory of 3216	4556	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\010770a88992f673ff6bfaefac10e94c388b80a650830a1ae72f3dfb0df20267.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4556

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\010770a88992f673ff6bfaefac10e94c388b80a650830a1ae72f3dfb0df20267.dll,#1
2⤵
PID:3216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...