b65e59a59588bf30bd411fba2b697963c5c67ef471413251552fbc778eee2061 | Triage

Analysis

max time kernel
91s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12-07-2022 07:03

Sharing

Report Analysis Logs

General

Target

b65e59a59588bf30bd411fba2b697963c5c67ef471413251552fbc778eee2061.dll
Size

686KB
MD5

704ffc4e9bd7871d5d12b96263a4c06a
SHA1

926bee50419fbeb4f3142957d1fad98f19ac7e4a
SHA256

b65e59a59588bf30bd411fba2b697963c5c67ef471413251552fbc778eee2061
SHA512

61dc16e51c2f09089929afb480406888fc97269769308004b7ee98568683a95e9d90bb8a244cf0ea4b122cb6e3b6f487dca279bf7651bd2249de6050e012dd83

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4576 wrote to memory of 3764	4576	rundll32.exe	rundll32.exe
PID 4576 wrote to memory of 3764	4576	rundll32.exe	rundll32.exe
PID 4576 wrote to memory of 3764	4576	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b65e59a59588bf30bd411fba2b697963c5c67ef471413251552fbc778eee2061.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4576

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b65e59a59588bf30bd411fba2b697963c5c67ef471413251552fbc778eee2061.dll,#1
2⤵
PID:3764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3764-130-0x0000000000000000-mapping.dmp

Download