f1c1706d380fd2a149dc7bde40ee795a0ab3dc56aa665b13cbadd131a7aa2235 | Triage

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12-07-2022 07:02

Sharing

Report Analysis Logs

General

Target

f1c1706d380fd2a149dc7bde40ee795a0ab3dc56aa665b13cbadd131a7aa2235.dll
Size

686KB
MD5

082949ed3528c239ebc2558a6d3d45c8
SHA1

bd8997f9ec3ac4de4e27c5424efa9c218aa43521
SHA256

f1c1706d380fd2a149dc7bde40ee795a0ab3dc56aa665b13cbadd131a7aa2235
SHA512

0d8ecc4255d83088cc1fc76c5b7e2b3778772b7123fa155810d85d8db008ab4a18fab55a7f4bfe46238b8255269037eaed1252e8a4d01b68425557c664e0fee3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 484 wrote to memory of 3372	484	rundll32.exe	rundll32.exe
PID 484 wrote to memory of 3372	484	rundll32.exe	rundll32.exe
PID 484 wrote to memory of 3372	484	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1c1706d380fd2a149dc7bde40ee795a0ab3dc56aa665b13cbadd131a7aa2235.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:484

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1c1706d380fd2a149dc7bde40ee795a0ab3dc56aa665b13cbadd131a7aa2235.dll,#1
2⤵
PID:3372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3372-130-0x0000000000000000-mapping.dmp

Download
memory/3372-131-0x0000000000BB0000-0x0000000000C5E000-memory.dmp

Filesize
696KB

Download