84eda1c70305436d1f9567e274b95f6f3a22e0c9dfbb1b70b8a97febf9bb5d18 | Triage

Analysis

max time kernel
158s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-07-2022 02:20

Sharing

Report Analysis Logs

General

Target

files/spreaderA.dll
Size

119KB
MD5

58d71fff346017cf8311120c69c9946a
SHA1

6b5958bfabfe7c731193adb96880b225c8505b73
SHA256

2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b
SHA512

315cc419f6ec600a345447b0f49e3de9f13c1e96d9bbc272f982204b1c7ec71cb3805f5ff7821da3e7944e327c22e5eba6f3c94b08c66b6e241395e1ea133ed1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4772 wrote to memory of 2068	4772	rundll32.exe	rundll32.exe
PID 4772 wrote to memory of 2068	4772	rundll32.exe	rundll32.exe
PID 4772 wrote to memory of 2068	4772	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\files\spreaderA.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4772

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\files\spreaderA.dll,#1
2⤵
PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2068-130-0x0000000000000000-mapping.dmp

Download