530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc | Triage

Analysis

max time kernel
142s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2022 20:19

Sharing

Report Analysis Logs

General

Target

530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll
Size

110KB
MD5

86042406b67b22e834bcd1a7cd7ebdd1
SHA1

5c17cfaa8cc413e95d3b6afc912ae418c48fb465
SHA256

530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc
SHA512

c86ff54f91f2e232e22aa3d37845dbffa130504341792a096709df8ff70b55760f1e2ff817c1a13643cde3b6ac610986808fb7dab7b9a94c575350a0b3fe6240

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4476 wrote to memory of 3128	4476	rundll32.exe	rundll32.exe
PID 4476 wrote to memory of 3128	4476	rundll32.exe	rundll32.exe
PID 4476 wrote to memory of 3128	4476	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4476

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll,#1
2⤵
PID:3128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3128-130-0x0000000000000000-mapping.dmp

Download