604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80 | Triage

Analysis

max time kernel
107s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2022 16:49

Sharing

Report Analysis Logs

General

Target

604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80.dll
Size

67KB
MD5

3204a2da3b1729994bdb30ee2ac1c590
SHA1

4b787542f8749d3d3765e1ae34239d5b0f484641
SHA256

604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80
SHA512

c81ff393929b522f1bf8fe1a47c554cf3a92cdfe9e54f2a3aeee159e7c8c07453533c67c462fdd0455f13204cbdae306d82b7cd00cbce52090033d36e79bcdd9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4336 wrote to memory of 3148	4336	rundll32.exe	rundll32.exe
PID 4336 wrote to memory of 3148	4336	rundll32.exe	rundll32.exe
PID 4336 wrote to memory of 3148	4336	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4336

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80.dll,#1
2⤵
PID:3148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3148-130-0x0000000000000000-mapping.dmp

Download