f45af934fca0ed1abf5709f7fe94abe910ac0131aaa29fec94d80e21023e2d46 | Triage

Analysis

max time kernel
90s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
resource tags

arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2022 19:40

Sharing

Report Analysis Logs

General

Target

sample.dll
Size

663KB
MD5

2d363fc623f26cb327738421969bef35
SHA1

ca0468e13913a567e2d214da65242c0cea127807
SHA256

f45af934fca0ed1abf5709f7fe94abe910ac0131aaa29fec94d80e21023e2d46
SHA512

22a6b27e563269f575b37daa65c5aabed71304df03576c8222e16bbd5f04e043e3716497f2411836ef68c162ae4ffb2878a4bd96141adf9e4346c9138c2522b1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3184 wrote to memory of 4588	3184	rundll32.exe	rundll32.exe
PID 3184 wrote to memory of 4588	3184	rundll32.exe	rundll32.exe
PID 3184 wrote to memory of 4588	3184	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sample.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\sample.dll,#1
  2⤵
  PID:4588

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4588-130-0x0000000000000000-mapping.dmp

Download