e009fcbdd65aec859f46fd1df2125a54f576cf911320d1466eab1eedca2d49f6 | Triage

Analysis

max time kernel
122s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 09:57

Sharing

Report Analysis Logs

General

Target

e009fcbdd65aec859f46fd1df2125a54f576cf911320d1466eab1eedca2d49f6.dll
Size

190KB
MD5

ba24b39f758851081ab4c49b8e832a0f
SHA1

cc101fef49cdd1bb2b86610cc6cac02492cd539e
SHA256

e009fcbdd65aec859f46fd1df2125a54f576cf911320d1466eab1eedca2d49f6
SHA512

b988ccdce9ef5947df0f773a4451b66a629496ab84eb2c9a1612185b7c2c5aaeb2b973cf29480d239d8b60fccd7ab240c46d7c782563f5fd36df3c433c0b50bd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1940 wrote to memory of 2408	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2408	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2408	1940	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e009fcbdd65aec859f46fd1df2125a54f576cf911320d1466eab1eedca2d49f6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e009fcbdd65aec859f46fd1df2125a54f576cf911320d1466eab1eedca2d49f6.dll,#1
2⤵
PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2408-130-0x0000000000000000-mapping.dmp

Download