5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0 | Triage

Analysis

max time kernel
124s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2022 21:15

Sharing

Report Analysis Logs

General

Target

5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0.dll
Size

164KB
MD5

d886d51b2540ea15d209ff230085d4e9
SHA1

c351a44ebade3632570e67d8d1bd109848b66dd6
SHA256

5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0
SHA512

1112b4bf6f48298d23602a8a65bbacbdf4c20b37acbafecc0b995dcec99edcb4da75c1093712513e5bf87fffb9c076eb48dbf04f61ab8de239d6183d2265044b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4404 wrote to memory of 1884	4404	rundll32.exe	rundll32.exe
PID 4404 wrote to memory of 1884	4404	rundll32.exe	rundll32.exe
PID 4404 wrote to memory of 1884	4404	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4404

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0.dll,#1
2⤵
PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-130-0x0000000000000000-mapping.dmp

Download