a694c9081cf430f5902b818c0de821a3116cd315c0a5272bd8297655f6087f46 | Triage

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 03:05

Sharing

Report Analysis Logs

General

Target

a694c9081cf430f5902b818c0de821a3116cd315c0a5272bd8297655f6087f46.dll
Size

138KB
MD5

f55837c70c1d870facd7cf263c0c4258
SHA1

ea9ed68d74a344b2f5acb52bdb2a785ff13fbd2c
SHA256

a694c9081cf430f5902b818c0de821a3116cd315c0a5272bd8297655f6087f46
SHA512

789bc3347986d20ce3744706d40ac656304466b889c9564c25ef4fbdf67aaf80c743bdd2e7540f3b35f44ebe447995797bfa5603f4ebe768ac20084a69227222

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 4308 wrote to memory of 3776	4308	rundll32.exe	82
PID 4308 wrote to memory of 3776	4308	rundll32.exe	82
PID 4308 wrote to memory of 3776	4308	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a694c9081cf430f5902b818c0de821a3116cd315c0a5272bd8297655f6087f46.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a694c9081cf430f5902b818c0de821a3116cd315c0a5272bd8297655f6087f46.dll,#1
  2⤵
  PID:3776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3776-130-0x0000000000000000-mapping.dmp

Download