af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58 | Triage

Analysis

max time kernel
90s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
20-04-2022 16:51

Sharing

Report Analysis Logs

General

Target

af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58.dll
Size

12KB
MD5

67e0f8f9549ff5028bdb2119a784896d
SHA1

939b3c765a5bba9d36ce2b35996d76f08fc56f0d
SHA256

af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58
SHA512

2497f9fa0af42f2c032572b19e71b8a49478a3b50b6c6ecd59ef7cafcea37030ec94d55f3c0c0800439d5dc7388993c288bbffb1128a3827cfcec341ab1a8194

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4928 wrote to memory of 4756	4928	rundll32.exe	rundll32.exe
PID 4928 wrote to memory of 4756	4928	rundll32.exe	rundll32.exe
PID 4928 wrote to memory of 4756	4928	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4928

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58.dll,#1
2⤵
PID:4756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4756-130-0x0000000000000000-mapping.dmp

Download