874ad08ec387fe79bf61045da552ffcd93f5a8a8678f89306d5b107b13fda23e | Triage

Analysis

max time kernel
126s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 10:35

Sharing

Report Analysis Logs

General

Target

874ad08ec387fe79bf61045da552ffcd93f5a8a8678f89306d5b107b13fda23e.dll
Size

194KB
MD5

668538d0b771b9d3b8f0c08b7e0cf2cb
SHA1

e026d8827b70edd50b243a8e6b84f4046c78e9e7
SHA256

874ad08ec387fe79bf61045da552ffcd93f5a8a8678f89306d5b107b13fda23e
SHA512

34f961ff86cd7d343064118dc9a0b997918b6e4f56f9bbc05b939564f7f630c3e4be2102e04dd68297b2fcc8a6ba2e2ed5f0b7a17abe1f7edd9064fe390e7478

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3588 wrote to memory of 3176	3588	rundll32.exe	rundll32.exe
PID 3588 wrote to memory of 3176	3588	rundll32.exe	rundll32.exe
PID 3588 wrote to memory of 3176	3588	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\874ad08ec387fe79bf61045da552ffcd93f5a8a8678f89306d5b107b13fda23e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3588

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\874ad08ec387fe79bf61045da552ffcd93f5a8a8678f89306d5b107b13fda23e.dll,#1
2⤵
PID:3176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3176-130-0x0000000000000000-mapping.dmp

Download