34e15c4e4fdcf60cfc4e7560ac8280f2f7ef004cb54728c2da87603a9039bdf6 | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 04:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

34e15c4e4fdcf60cfc4e7560ac8280f2f7ef004cb54728c2da87603a9039bdf6.dll
Size

3KB
MD5

1c6aa8c9f9da7ae31c4800f0aff82038
SHA1

5c943ab41afa0d52ad2fd9af5aad2cfbd170c59a
SHA256

34e15c4e4fdcf60cfc4e7560ac8280f2f7ef004cb54728c2da87603a9039bdf6
SHA512

6d98b3ea7e3f0acf48abc0478439fd5edfb96a58a34599c0216e40a6edc0508fae6e05d378dbc84073656dc4cfb7f27959a1903b270b2ed658a92809ee86c66a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1180	1688	rundll32.exe	81
PID 1688 wrote to memory of 1180	1688	rundll32.exe	81
PID 1688 wrote to memory of 1180	1688	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\34e15c4e4fdcf60cfc4e7560ac8280f2f7ef004cb54728c2da87603a9039bdf6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\34e15c4e4fdcf60cfc4e7560ac8280f2f7ef004cb54728c2da87603a9039bdf6.dll,#1
  2⤵
  PID:1180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads