5b44beda64f162f7162d366b976fe699d258ab7dad4ec610795349591ee589ed | Triage

Analysis

max time kernel
95s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 05:02

Sharing

Report Analysis Logs

General

Target

5b44beda64f162f7162d366b976fe699d258ab7dad4ec610795349591ee589ed.dll
Size

3KB
MD5

fa6abdb2cc8490ead41c1486e76f7087
SHA1

213b29212f5491bc3d1f50fa3b1d0db8a2e3c71c
SHA256

5b44beda64f162f7162d366b976fe699d258ab7dad4ec610795349591ee589ed
SHA512

c7bfd33370d48289840aa9e965b2a502666cb3809a0477ac0b8894987fd706e2a7eb6f47ed8e41eaa0975a4c79c8bd671368d3c99fe598078b748ea1e136990b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 3160	5068	rundll32.exe	79
PID 5068 wrote to memory of 3160	5068	rundll32.exe	79
PID 5068 wrote to memory of 3160	5068	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b44beda64f162f7162d366b976fe699d258ab7dad4ec610795349591ee589ed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b44beda64f162f7162d366b976fe699d258ab7dad4ec610795349591ee589ed.dll,#1
  2⤵
  PID:3160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3160-132-0x0000000000000000-mapping.dmp

Download