291a4eb06358eca87fbc1f133ee162b6c532f4ec3e6f39c2646cde5de60e80f9 | Triage

Analysis

max time kernel
123s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-05-2022 03:21

Sharing

Report Analysis Logs

General

Target

291a4eb06358eca87fbc1f133ee162b6c532f4ec3e6f39c2646cde5de60e80f9.dll
Size

248KB
MD5

6ad619702dad7c8fc1cefd3bc7967cf4
SHA1

b9fc56281283878f69513f341a0479d846c4f0ba
SHA256

291a4eb06358eca87fbc1f133ee162b6c532f4ec3e6f39c2646cde5de60e80f9
SHA512

e9d9a98ab7b25ecb5b7d900728ffd752f3cee705ab772cda079ec48f1fdcd2ac1c6911ad0ac5b6f8e47d9d4a362af875781d444a379ad4abcda5b85ddec21277

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 4428 wrote to memory of 4576	4428	rundll32.exe	83
PID 4428 wrote to memory of 4576	4428	rundll32.exe	83
PID 4428 wrote to memory of 4576	4428	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\291a4eb06358eca87fbc1f133ee162b6c532f4ec3e6f39c2646cde5de60e80f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\291a4eb06358eca87fbc1f133ee162b6c532f4ec3e6f39c2646cde5de60e80f9.dll,#1
  2⤵
  PID:4576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:5104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4576-130-0x0000000000000000-mapping.dmp

Download