30f9ca0599b31eeb9b8c89aef7b31a56f672490d9474e56843d5ecd54b836b69 | Triage

Analysis

max time kernel
156s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 05:00

Sharing

Report Analysis Logs

General

Target

30f9ca0599b31eeb9b8c89aef7b31a56f672490d9474e56843d5ecd54b836b69.dll
Size

3KB
MD5

3af6e6667607995e2d11a5352b1ffbf4
SHA1

3596f28eae7fc01c6b04d097522b5580dba5e0cc
SHA256

30f9ca0599b31eeb9b8c89aef7b31a56f672490d9474e56843d5ecd54b836b69
SHA512

e6eb8680dbc3c9da69a2793cde88398bd9bf4d9de96a3419a678f78858418bf6c419916b8a4282a19b77c2be0dd996e94e6769145ff00c41053188b1f74ba8da

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 3708	4876	rundll32.exe	82
PID 4876 wrote to memory of 3708	4876	rundll32.exe	82
PID 4876 wrote to memory of 3708	4876	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\30f9ca0599b31eeb9b8c89aef7b31a56f672490d9474e56843d5ecd54b836b69.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\30f9ca0599b31eeb9b8c89aef7b31a56f672490d9474e56843d5ecd54b836b69.dll,#1
  2⤵
  PID:3708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3708-132-0x0000000000000000-mapping.dmp

Download