1fe31f2595ec84f38476a019805ccee392d3c9fef351870c1a9d5cc9b2d909c2 | Triage

Analysis

max time kernel
170s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12/06/2022, 16:23

Sharing

Report Analysis Logs

General

Target

1fe31f2595ec84f38476a019805ccee392d3c9fef351870c1a9d5cc9b2d909c2.dll
Size

30KB
MD5

5edf16be494c9598e7b49861a4a44756
SHA1

8110eee35629a5a537b6b301cfdb9f2dbc71f559
SHA256

1fe31f2595ec84f38476a019805ccee392d3c9fef351870c1a9d5cc9b2d909c2
SHA512

595055949e1ce6a651cf1f6762e745520418a7867215b5a2a1d4b0e323bc8e7b72b48a017194b4672cba7ad60b7e3fcbae243ce0a07becd08c00b73d78a798cd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 4372	3208	rundll32.exe	81
PID 3208 wrote to memory of 4372	3208	rundll32.exe	81
PID 3208 wrote to memory of 4372	3208	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fe31f2595ec84f38476a019805ccee392d3c9fef351870c1a9d5cc9b2d909c2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fe31f2595ec84f38476a019805ccee392d3c9fef351870c1a9d5cc9b2d909c2.dll,#1
  2⤵
  PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4372 -ip 4372
1⤵
PID:5080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads