33571ada69b1c7b27069a55684935b347f9482f853ecbd7d3a184c6a821e7842 | Triage

Analysis

max time kernel
157s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2022, 19:37

Sharing

Report Analysis Logs

General

Target

33571ada69b1c7b27069a55684935b347f9482f853ecbd7d3a184c6a821e7842.dll
Size

3KB
MD5

74077db156dceb97d53cc27f31506e7d
SHA1

d45b3b98ed2ecf0b543256bbd087dd50b042bec1
SHA256

33571ada69b1c7b27069a55684935b347f9482f853ecbd7d3a184c6a821e7842
SHA512

2bbb46e99eecf72397e262f0596c83c79d74176321a8c391436ef808a0bb5a60105b64ef74c57941c1e43007983f95cf22725b6025563da032a788b02fec8f4a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 2184	4532	rundll32.exe	80
PID 4532 wrote to memory of 2184	4532	rundll32.exe	80
PID 4532 wrote to memory of 2184	4532	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33571ada69b1c7b27069a55684935b347f9482f853ecbd7d3a184c6a821e7842.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33571ada69b1c7b27069a55684935b347f9482f853ecbd7d3a184c6a821e7842.dll,#1
  2⤵
  PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads