50c4b4ecf38e43b92293b1add79f95f61d27f1c39adea28c97d1cf98892e70b2 | Triage

Analysis

max time kernel
91s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
11-07-2022 17:09

Sharing

Report Analysis Logs

General

Target

102755.dll
Size

686KB
MD5

17bdd7bc292a529fd574945caf5d541b
SHA1

c8791797ddd71c1b11fac4e7c530b1d3744be881
SHA256

6dbdb80f854dbdc77d63eb2b52280c1ba592cc5a1546608ab921bde0d3ac6e5d
SHA512

d4c89ab6fd187cf4e01d74d4ec32ed146ee15441af63b840e97e7bcf7032bcb6b13a668ac5aeefdf20af8a7d1c0dda52305a0e9b647b8b1dfbfa76a0a7cf57eb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1448 wrote to memory of 2508	1448	rundll32.exe	rundll32.exe
PID 1448 wrote to memory of 2508	1448	rundll32.exe	rundll32.exe
PID 1448 wrote to memory of 2508	1448	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\102755.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\102755.dll,#1
2⤵
PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2508-130-0x0000000000000000-mapping.dmp

Download