9c66a09e54adcea917b19ff962c0d91c710bc769e7935d1c28f84eb4aff6815c | Triage

Analysis

max time kernel
167s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 21:52

Sharing

Report Analysis Logs

General

Target

9c66a09e54adcea917b19ff962c0d91c710bc769e7935d1c28f84eb4aff6815c.dll
Size

3KB
MD5

7220d0184879e4258a67b89da74ab1b9
SHA1

0f6314f02f7dd6209bf23576a52bf63ac9769fda
SHA256

9c66a09e54adcea917b19ff962c0d91c710bc769e7935d1c28f84eb4aff6815c
SHA512

a93cdc0fe0f5054005bee2b72a7b477491983dd08af7eb05574eab274c28b97cebfb2d34b1e451ee21d3ccc15b66c39231b0d750fc1787e3113dc44773f85d6f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 2132	4068	rundll32.exe	80
PID 4068 wrote to memory of 2132	4068	rundll32.exe	80
PID 4068 wrote to memory of 2132	4068	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c66a09e54adcea917b19ff962c0d91c710bc769e7935d1c28f84eb4aff6815c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c66a09e54adcea917b19ff962c0d91c710bc769e7935d1c28f84eb4aff6815c.dll,#1
  2⤵
  PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads