14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed | Triage

Analysis

max time kernel
92s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-05-2022 03:27

Sharing

Report Analysis Logs

General

Target

14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed.dll
Size

164KB
MD5

a18e52d3d7d3fd43ba2597885bde3557
SHA1

d3741d23082b547af6b1423ce65a8ca3ab37908d
SHA256

14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed
SHA512

2efc5c538cf97142e2a2995777132a5b5606ae1db86882e527f30b3deea60f53c5e5f16c9137dfbfb9e34f114a01adbc571fed6c7bfbfd0b5f94da2af26b858c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1196 wrote to memory of 5012	1196	rundll32.exe	rundll32.exe
PID 1196 wrote to memory of 5012	1196	rundll32.exe	rundll32.exe
PID 1196 wrote to memory of 5012	1196	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1196

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed.dll,#1
2⤵
PID:5012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5012-130-0x0000000000000000-mapping.dmp

Download