f8cc2cf36e193774f13c9c5f23ab777496dcd7ca588f4f73b45a7a5ffa96145e | Triage

Analysis

max time kernel
149s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
23-06-2022 00:21

Sharing

Report Analysis Logs

General

Target

f8cc2cf36e193774f13c9c5f23ab777496dcd7ca588f4f73b45a7a5ffa96145e.dll
Size

401KB
MD5

95159f5427c976d28c86aa716799e6de
SHA1

4bfbf8c48f17a7c7269dfc314e5e5bd166db857f
SHA256

f8cc2cf36e193774f13c9c5f23ab777496dcd7ca588f4f73b45a7a5ffa96145e
SHA512

04af830cecd7ec8bf5d2f637a0e52036800d171f8d74f837648bd2129f8d19385fa46ae39c4cb0fc47c03aaa32d17f8739661d8b57b0d3d74532de29fc20f629

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 4760 wrote to memory of 944	4760	rundll32.exe	81
PID 4760 wrote to memory of 944	4760	rundll32.exe	81
PID 4760 wrote to memory of 944	4760	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8cc2cf36e193774f13c9c5f23ab777496dcd7ca588f4f73b45a7a5ffa96145e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8cc2cf36e193774f13c9c5f23ab777496dcd7ca588f4f73b45a7a5ffa96145e.dll,#1
  2⤵
  PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/944-130-0x0000000000000000-mapping.dmp

Download