540572eeb170ec412d3f05cb567e7003c56a8af80e2053f20114c702fd8aaa49 | Triage

Analysis

max time kernel
115s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2022, 02:54

Sharing

Report Analysis Logs

General

Target

kernel64.sys.dll
Size

3.7MB
MD5

f9692149cbb3849d6cfcd21e7867f06d
SHA1

0d7a03723e63fade925228bc39d40ed3861b0387
SHA256

540572eeb170ec412d3f05cb567e7003c56a8af80e2053f20114c702fd8aaa49
SHA512

fcf843cd22ffa661978ee6f4bae01fe78971d77db94a444540215ea599cdb4aa05461909031570524de12b0bc2e9e80bb1fef7dbce7b5243e7a68e8a79e0d1c9
SSDEEP

98304:xhT4PdX6GyCsnv1Z7atMC5z/auwzLPwtv7UiJToNn:xGPdX6LCMatMQz//w3wtzU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 3344	1680	rundll32.exe	83
PID 1680 wrote to memory of 3344	1680	rundll32.exe	83
PID 1680 wrote to memory of 3344	1680	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\kernel64.sys.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\kernel64.sys.dll,#1
  2⤵
  PID:3344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3344-133-0x0000000074490000-0x00000000749EC000-memory.dmp

Filesize
5.4MB

Download