5e9a225092478d3f2b89a269405e037fcda8fff901442f4d1555012652c6aa44 | Triage

Analysis

max time kernel
187s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2022 19:47

Sharing

Report Analysis Logs

General

Target

5e9a225092478d3f2b89a269405e037fcda8fff901442f4d1555012652c6aa44.dll
Size

5KB
MD5

0b324c7e60d9a207a834338e026f83c2
SHA1

d6b82a45fb4df63f3bc46c1925d8134dbe7b1419
SHA256

5e9a225092478d3f2b89a269405e037fcda8fff901442f4d1555012652c6aa44
SHA512

15e0f149b26a004d3633a080fceaa4f72ab56180da81df037e6460d2105f0b9aeb7249efd528a6df2e2cb014a706fd122aac0a38982c84f4462563bf2b3637f8

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 6 IoCs

Processes:

rundll32.exe

flow pid process

32 2952 rundll32.exe
32 2952 rundll32.exe
32 2952 rundll32.exe
32 2952 rundll32.exe
32 2952 rundll32.exe
32 2952 rundll32.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

rundll32.exe

description pid process target process

PID 4432 set thread context of 2952 4432 rundll32.exe rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 632 wrote to memory of 4432	632	rundll32.exe	rundll32.exe
PID 632 wrote to memory of 4432	632	rundll32.exe	rundll32.exe
PID 632 wrote to memory of 4432	632	rundll32.exe	rundll32.exe
PID 4432 wrote to memory of 2952	4432	rundll32.exe	rundll32.exe
PID 4432 wrote to memory of 2952	4432	rundll32.exe	rundll32.exe
PID 4432 wrote to memory of 2952	4432	rundll32.exe	rundll32.exe
PID 4432 wrote to memory of 2952	4432	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e9a225092478d3f2b89a269405e037fcda8fff901442f4d1555012652c6aa44.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:632

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e9a225092478d3f2b89a269405e037fcda8fff901442f4d1555012652c6aa44.dll,#1
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe
3⤵
- Blocklisted process makes network request
PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2952-131-0x0000000000000000-mapping.dmp

Download
memory/4432-130-0x0000000000000000-mapping.dmp

Download