0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708 | Triage

Analysis

max time kernel
158s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
29-05-2022 16:24

Sharing

Report Analysis Logs

General

Target

0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708.dll
Size

198KB
MD5

0680fe53376730d44f9878e0ebeef36d
SHA1

a327a919d0234adfdccc84c407b030d46223cd22
SHA256

0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708
SHA512

47269daea0d7acc0fad0b876d852c5e635ed8771d75bd0410458ef329e5e2f3231cd2b21bb98de26ba1ee1c8afb7d33303df8b774a0f8b17dca53af052197e75

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1216 wrote to memory of 1596	1216	rundll32.exe	rundll32.exe
PID 1216 wrote to memory of 1596	1216	rundll32.exe	rundll32.exe
PID 1216 wrote to memory of 1596	1216	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708.dll,#1
2⤵
PID:1596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1596-130-0x0000000000000000-mapping.dmp

Download