c93944c924bc25056026fca8646a5db9cc03755a46bd76eba40329335a4d46e8 | Triage

Analysis

max time kernel
143s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2022 11:06

Sharing

Report Analysis Logs

General

Target

12.dll
Size

535KB
MD5

1890dec6809766b1409e74d082788a07
SHA1

e989e72e6bf3f26d1a4683c5d319ee5bc5eb1119
SHA256

c93944c924bc25056026fca8646a5db9cc03755a46bd76eba40329335a4d46e8
SHA512

e1759efcb890767801b1d45daa43cb8bf40cbb8e70bd181696443466fb07227f649e6b82ade758ba3e54fc18b8299e2a3254a34eda309c8f9c2c7f51d6fd8e6d
SSDEEP

12288:OzxVoNEXfnRXaF0IsZQWkQsHipSzERvCey4CZfxz4um:UvoQfhE0IbRiLRq3bzp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1016 wrote to memory of 2324	1016	rundll32.exe	rundll32.exe
PID 1016 wrote to memory of 2324	1016	rundll32.exe	rundll32.exe
PID 1016 wrote to memory of 2324	1016	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1016

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
2⤵
PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2324-132-0x0000000000000000-mapping.dmp

Download