49cb613e0241e2a1e3ac064f3465f887403f69d438775c15211a213d208a0f6c | Triage

Analysis

max time kernel
92s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 05:21

Sharing

Report Analysis Logs

General

Target

49cb613e0241e2a1e3ac064f3465f887403f69d438775c15211a213d208a0f6c.dll
Size

163KB
MD5

0470a08d9e4c7dd14a95adc5753f0eb4
SHA1

e20ad5368273f15e2d5a34e80ffc1c72b9e43ee8
SHA256

49cb613e0241e2a1e3ac064f3465f887403f69d438775c15211a213d208a0f6c
SHA512

e64ce93037a872666d8f849377c6f831ee74ae2d1f9b03b04b0bd4cf4f51b587304d83a0f478bf9bc3f9ef50c07327c338aea913f0df6b517840e4d3b027ed12

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2848 wrote to memory of 3608	2848	rundll32.exe	rundll32.exe
PID 2848 wrote to memory of 3608	2848	rundll32.exe	rundll32.exe
PID 2848 wrote to memory of 3608	2848	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49cb613e0241e2a1e3ac064f3465f887403f69d438775c15211a213d208a0f6c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2848

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49cb613e0241e2a1e3ac064f3465f887403f69d438775c15211a213d208a0f6c.dll,#1
2⤵
PID:3608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3608-130-0x0000000000000000-mapping.dmp

Download