2bf08deca09bd82e9f33cab888b1802ab2acbad79cbf84413ee7864bbe2849ae | Triage

Analysis

max time kernel
83s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2022 16:41

Sharing

Report Analysis Logs

General

Target

1920-57-0x0000000000A80000-0x0000000000AA2000-memory.dll
Size

136KB
MD5

7848eda54da04f875c533afa6103a344
SHA1

1a60ca473b382f03640fbf10e2caceb92ba4b1db
SHA256

2bf08deca09bd82e9f33cab888b1802ab2acbad79cbf84413ee7864bbe2849ae
SHA512

7784cdff3eda39b59f51e500aa168413403bd9f3fc3c9e1c7c5559cc384a85a71b46d8c38e88285f6c856723f9dfb61cb4d48f345135368ee0d571f3b3cb94f1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3136 wrote to memory of 3856	3136	rundll32.exe	rundll32.exe
PID 3136 wrote to memory of 3856	3136	rundll32.exe	rundll32.exe
PID 3136 wrote to memory of 3856	3136	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1920-57-0x0000000000A80000-0x0000000000AA2000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1920-57-0x0000000000A80000-0x0000000000AA2000-memory.dll,#1
  2⤵
  PID:3856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3856-130-0x0000000000000000-mapping.dmp

Download