0fa902b9a3cd0299b79c427036ca2a356292c76c7a85da1312860db02486ab36 | Triage

Analysis

max time kernel
144s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2022 11:08

Sharing

Report Analysis Logs

General

Target

1309.dll
Size

536KB
MD5

f724c9c1c66ffb25cfa2a1806cf5163c
SHA1

1afebb477e4da1d476ae03795a2007863d5bba45
SHA256

0fa902b9a3cd0299b79c427036ca2a356292c76c7a85da1312860db02486ab36
SHA512

c4f72aba68dcb274383be28a4c36a3918168ffbe457501362fc6f2e7956ae79a55042c290a661d5bf48db60a756e5784c4b47e85ee1aaef17a3f68cc3f4e3d06
SSDEEP

12288:OzxVoNEXfnRXaF0IsZQWkQsHipSzERvCey4CZfxz4um:UvoQfhE0IbRiLRq3bzp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4796 wrote to memory of 4788	4796	rundll32.exe	rundll32.exe
PID 4796 wrote to memory of 4788	4796	rundll32.exe	rundll32.exe
PID 4796 wrote to memory of 4788	4796	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1309.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4796

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1309.dll,#1
2⤵
PID:4788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4788-132-0x0000000000000000-mapping.dmp

Download
memory/4788-133-0x0000000000710000-0x0000000000798000-memory.dmp

Filesize
544KB

Download