d00039f436c40d322b0fb66898983cdd5f2816b7024069c13528376fca8dbe04 | Triage

Analysis

max time kernel
114s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
08-07-2022 14:37

Sharing

Report Analysis Logs

General

Target

d00039f436c40d322b0fb66898983cdd5f2816b7024069c13528376fca8dbe04.dll
Size

2.4MB
MD5

a3efb67aa1434cce1004a0c30e28834e
SHA1

e0bd99f7ac10f0989c1297e9a4b665e41164cf19
SHA256

d00039f436c40d322b0fb66898983cdd5f2816b7024069c13528376fca8dbe04
SHA512

ee55f63f0efefe4d3079461fdd62f6409cbe247b982cd91befcefc4c639d8bb63f77f7db4150f766357c809dab283686dc5834d81f2c144c3b8826afc61f6830

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1496 wrote to memory of 3988	1496	rundll32.exe	rundll32.exe
PID 1496 wrote to memory of 3988	1496	rundll32.exe	rundll32.exe
PID 1496 wrote to memory of 3988	1496	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d00039f436c40d322b0fb66898983cdd5f2816b7024069c13528376fca8dbe04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1496

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d00039f436c40d322b0fb66898983cdd5f2816b7024069c13528376fca8dbe04.dll,#1
2⤵
PID:3988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3988-130-0x0000000000000000-mapping.dmp

Download