c1cbc33ffd320ea7657a732db883c989370e501fd902dcabfc8a1924b9e4d16b | Triage

Analysis

max time kernel
153s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220722-en
resource tags

arch:x64arch:x86image:win10v2004-20220722-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2022 05:37

Sharing

Report Analysis Logs

General

Target

c1cbc33ffd320ea7657a732db883c989370e501fd902dcabfc8a1924b9e4d16b.dll
Size

138KB
MD5

ea193f350cbcdd48d5bd55e7ea934838
SHA1

b22ca46d1da866f4675916580cf2e8cb690f984b
SHA256

c1cbc33ffd320ea7657a732db883c989370e501fd902dcabfc8a1924b9e4d16b
SHA512

b84dec2a5a9f01d051021018e3f67fc545c11b1d3aec329e95495d411fa7d761feac66034eeea33974260b8c9974111897a51fb50bd68ec71e507d4bcdc22e65

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4288 wrote to memory of 3216	4288	rundll32.exe	rundll32.exe
PID 4288 wrote to memory of 3216	4288	rundll32.exe	rundll32.exe
PID 4288 wrote to memory of 3216	4288	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1cbc33ffd320ea7657a732db883c989370e501fd902dcabfc8a1924b9e4d16b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1cbc33ffd320ea7657a732db883c989370e501fd902dcabfc8a1924b9e4d16b.dll,#1
2⤵
PID:3216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3216-132-0x0000000000000000-mapping.dmp

Download