38be1a5eb7776ab8783f867c85fdf1239b897122208f91c1a818f6776fb946a4 | Triage

Analysis

max time kernel
129s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
08-04-2022 14:48

Sharing

Report Analysis Logs

General

Target

a347edbe3b48344772aeb91faf49c525.dll
Size

1.7MB
MD5

a347edbe3b48344772aeb91faf49c525
SHA1

6630b4561647b88dc8664ef2f683a6c59adcbea0
SHA256

38be1a5eb7776ab8783f867c85fdf1239b897122208f91c1a818f6776fb946a4
SHA512

36061a016fe275a969aa86884746dfa80ec4a654516ffbbfba451307cee1178358d91912069f4150feda5210f33a4b46cfafee8a2a6154aa8d550268f73dd772

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1592 wrote to memory of 1660	1592	rundll32.exe	rundll32.exe
PID 1592 wrote to memory of 1660	1592	rundll32.exe	rundll32.exe
PID 1592 wrote to memory of 1660	1592	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a347edbe3b48344772aeb91faf49c525.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1592

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a347edbe3b48344772aeb91faf49c525.dll,#1
2⤵
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1660-130-0x0000000000000000-mapping.dmp

Download
memory/1660-131-0x00000000023E0000-0x000000000258E000-memory.dmp

Filesize
1.7MB

Download