54eb422f8f49fd1af79a2527ad6a76b5abc4d35716991599630b6460fd680dfc | Triage

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 04:50

Sharing

Report Analysis Logs

General

Target

54eb422f8f49fd1af79a2527ad6a76b5abc4d35716991599630b6460fd680dfc.dll
Size

3KB
MD5

f24371073a8d9811134c5dc114b35035
SHA1

83f2047b1051238fd0f4b5c4fa69b73c72920b38
SHA256

54eb422f8f49fd1af79a2527ad6a76b5abc4d35716991599630b6460fd680dfc
SHA512

0d90bacfd3cf142b31d9f8b1b29add62cea3e4b4fa245edde1246c52e844817d364ed7388de11c5b2e1b7bc40f3fff93574a3a839fb6c4980ff951e8c78261dd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 4644	1576	rundll32.exe	83
PID 1576 wrote to memory of 4644	1576	rundll32.exe	83
PID 1576 wrote to memory of 4644	1576	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\54eb422f8f49fd1af79a2527ad6a76b5abc4d35716991599630b6460fd680dfc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\54eb422f8f49fd1af79a2527ad6a76b5abc4d35716991599630b6460fd680dfc.dll,#1
  2⤵
  PID:4644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads