33ae5e6746afd6a186925e900abfc204faa575c5f97b51c38471a9b9d5983d4c | Triage

Analysis

max time kernel
151s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 04:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33ae5e6746afd6a186925e900abfc204faa575c5f97b51c38471a9b9d5983d4c.dll
Size

3KB
MD5

eb39c7cc8d0db95d4cdc0e60d9f9f388
SHA1

9430fa7240dc39d51af103fcb5c9e26bcdd79dda
SHA256

33ae5e6746afd6a186925e900abfc204faa575c5f97b51c38471a9b9d5983d4c
SHA512

f14e906cccad16c492a7df54b569abcd52d04357218fac34a4eeb3dcb22114a92e5bf40167b2cbb8bdbf4999a08e8550513860dcbb9db9f84aa6d6c2346db4df

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2224	2268	rundll32.exe	80
PID 2268 wrote to memory of 2224	2268	rundll32.exe	80
PID 2268 wrote to memory of 2224	2268	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33ae5e6746afd6a186925e900abfc204faa575c5f97b51c38471a9b9d5983d4c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33ae5e6746afd6a186925e900abfc204faa575c5f97b51c38471a9b9d5983d4c.dll,#1
  2⤵
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads