45e9371b885344f2cea2934fba5dfd8026667789842350b7ed8fe2f888a1217a | Triage

Analysis

max time kernel
134s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12-07-2022 07:47

Sharing

Report Analysis Logs

General

Target

1088-57-0x0000000001EA0000-0x0000000001EC2000-memory.dll
Size

136KB
MD5

00382964c6ea1fe7bcdf01175b21b06c
SHA1

4d301a18bfeaa0c726e76377fa721c0f4092fe27
SHA256

45e9371b885344f2cea2934fba5dfd8026667789842350b7ed8fe2f888a1217a
SHA512

2d7671508f87fef256025c3fcb8163849c014ecb99626b75e4a333d66c75c8593bd1173049698a14e5bcfa6f632674db304283c96ffd69cc21de22a83d52ded9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4016 wrote to memory of 4784	4016	rundll32.exe	rundll32.exe
PID 4016 wrote to memory of 4784	4016	rundll32.exe	rundll32.exe
PID 4016 wrote to memory of 4784	4016	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1088-57-0x0000000001EA0000-0x0000000001EC2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4016

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1088-57-0x0000000001EA0000-0x0000000001EC2000-memory.dll,#1
2⤵
PID:4784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4784-130-0x0000000000000000-mapping.dmp

Download