e09e2dc37c17ec2896579f420453c2e24d4c456cdedb19ef21e786dbfce3c001 | Triage

Analysis

max time kernel
153s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-07-2022 04:55

Sharing

Report Analysis Logs

General

Target

e09e2dc37c17ec2896579f420453c2e24d4c456cdedb19ef21e786dbfce3c001.dll
Size

207KB
MD5

de778a1a6c1e7a6912ec1780290ffa54
SHA1

39f731a154f0b8ed136741a290e796842c5b146f
SHA256

e09e2dc37c17ec2896579f420453c2e24d4c456cdedb19ef21e786dbfce3c001
SHA512

c180e5bcd44b056f321022a46f6f9232c6f5818b88ff9218551da0aea04d3de0404551d78c75543861ed1c53fe5dc71e8b2fae3a9347a026477f8536f8d93b19

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2172 wrote to memory of 3176	2172	rundll32.exe	rundll32.exe
PID 2172 wrote to memory of 3176	2172	rundll32.exe	rundll32.exe
PID 2172 wrote to memory of 3176	2172	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e09e2dc37c17ec2896579f420453c2e24d4c456cdedb19ef21e786dbfce3c001.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2172

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e09e2dc37c17ec2896579f420453c2e24d4c456cdedb19ef21e786dbfce3c001.dll,#1
2⤵
PID:3176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3176-130-0x0000000000000000-mapping.dmp

Download