554a82dc2803928aef17c5ed61cc612ef04ffa4c1abeeba1d62eca907292225c | Triage

Analysis

max time kernel
92s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12-07-2022 08:11

Sharing

Report Analysis Logs

General

Target

948-57-0x0000000000210000-0x0000000000232000-memory.dll
Size

136KB
MD5

ef008f3247c80a4882bc651230ac4aff
SHA1

e930c2e8d6892c0f8f284965bde1523df711c799
SHA256

554a82dc2803928aef17c5ed61cc612ef04ffa4c1abeeba1d62eca907292225c
SHA512

650150ffd741f7cb5999b0fc0440902dc1e806dd935b6ee28b1cae02c5fa21551a258844e5c19895d327d65c7a4e8b5f8fcf53f56215db7ffda5159dfe090947

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4380 wrote to memory of 3360	4380	rundll32.exe	rundll32.exe
PID 4380 wrote to memory of 3360	4380	rundll32.exe	rundll32.exe
PID 4380 wrote to memory of 3360	4380	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\948-57-0x0000000000210000-0x0000000000232000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\948-57-0x0000000000210000-0x0000000000232000-memory.dll,#1
  2⤵
  PID:3360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3360-130-0x0000000000000000-mapping.dmp

Download