0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7 | Triage

Analysis

max time kernel
91s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
28-06-2022 09:33

Sharing

Report Analysis Logs

General

Target

0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7.dll
Size

389KB
MD5

71137fc2763fc0c76e77d6d255f4a690
SHA1

f9b553ac4a9b3bf3b4a0990c1b08d8770f6c4cb6
SHA256

0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7
SHA512

067bbbb166612ba9f89048194f4670b7960d6b1a25761be2da1ccc2c00c1b4386eeea48c288c3d05026aa463546e4765b1712b0b5da913c4ba1e8ec231e92c74

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4308 wrote to memory of 4112	4308	rundll32.exe	rundll32.exe
PID 4308 wrote to memory of 4112	4308	rundll32.exe	rundll32.exe
PID 4308 wrote to memory of 4112	4308	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4308

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7.dll,#1
2⤵
PID:4112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4112-133-0x0000000000000000-mapping.dmp

Download