82f874f753acdc5d1d881408fb3460262d3a91d5552c6057eb4552c491d8add1 | Triage

Analysis

max time kernel
62s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
12-04-2022 21:00

Sharing

Report Analysis Logs

General

Target

82f874f753acdc5d1d881408fb3460262d3a91d5552c6057eb4552c491d8add1.dll
Size

1.7MB
MD5

11798c55c5836f51fb3bfc773fef5fac
SHA1

8f595e23c4096e42000b6886659f1cb8356d6d67
SHA256

82f874f753acdc5d1d881408fb3460262d3a91d5552c6057eb4552c491d8add1
SHA512

4ea72998ee186fbef63ae8c19a8cfcf29a6021e94f49d00ba9355f94b779a3ab79c4c4ef5583749816ef750681063127569fb1c16feeb69f96ae9210c1a082a5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2868 wrote to memory of 3832	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 3832	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 3832	2868	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\82f874f753acdc5d1d881408fb3460262d3a91d5552c6057eb4552c491d8add1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2868

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\82f874f753acdc5d1d881408fb3460262d3a91d5552c6057eb4552c491d8add1.dll,#1
2⤵
PID:3832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3832-130-0x0000000000000000-mapping.dmp

Download
memory/3832-131-0x0000000000C70000-0x0000000000E1E000-memory.dmp

Filesize
1.7MB

Download