d64c836024979defee7a5e0b311d11310c84ffbc5df8f1c66678b7edb4a50adf | Triage

Analysis

max time kernel
133s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 21:51

Sharing

Report Analysis Logs

General

Target

d64c836024979defee7a5e0b311d11310c84ffbc5df8f1c66678b7edb4a50adf.dll
Size

3KB
MD5

6c71b52434b1de951d57cf5babba3e5e
SHA1

7848945ca67134e0fa1dfd3e5fd205f0ffc8dfe6
SHA256

d64c836024979defee7a5e0b311d11310c84ffbc5df8f1c66678b7edb4a50adf
SHA512

996f0fde27a69652ec4238d72628aadedc39220fda51d5d0094a58ca7c5a7525780d142be70bee712b868825857a66f4154814ec8bbf60175b38a892f4dc9baf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 4864	4916	rundll32.exe	84
PID 4916 wrote to memory of 4864	4916	rundll32.exe	84
PID 4916 wrote to memory of 4864	4916	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d64c836024979defee7a5e0b311d11310c84ffbc5df8f1c66678b7edb4a50adf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d64c836024979defee7a5e0b311d11310c84ffbc5df8f1c66678b7edb4a50adf.dll,#1
  2⤵
  PID:4864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads