a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5 | Triage

Analysis

max time kernel
155s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
21-05-2022 19:23

Sharing

Report Analysis Logs

General

Target

a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll
Size

26KB
MD5

bb40bbbd3b69e0eb802c42d2506b6754
SHA1

bf80e329cba134ccd96f9572d2c0bf250515c26e
SHA256

a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5
SHA512

712d114aa05d73246fb607039e8875db4f481050c00f1909dd9625b2ef35303976e7c96bc7b6ab861781458f33985bc679d88009a567103e6aadf334ea20b270

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2384 wrote to memory of 3204	2384	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 3204	2384	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 3204	2384	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll,#1
2⤵
PID:3204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3204-130-0x0000000000000000-mapping.dmp

Download