4e710d2280184095246cb727b7595c744728d50ec3cda5a922665af8e1eafc68 | Triage

Analysis

max time kernel
158s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 07:00

Sharing

Report Analysis Logs

General

Target

4e710d2280184095246cb727b7595c744728d50ec3cda5a922665af8e1eafc68.dll
Size

3KB
MD5

061d9b750c121447e3c49323418c815b
SHA1

9b1885ce3a1180e299fa98611d3093abb4210eab
SHA256

4e710d2280184095246cb727b7595c744728d50ec3cda5a922665af8e1eafc68
SHA512

d0692796dc10cd53a0c8bb74ac8d251ab8c901b6ec33fdd68c660b1327f1c10e95b3b41759fd26cbd811b6d49d047b7c42cfab9a5bb7554833c4fa38254a21b4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 4180	4388	rundll32.exe	83
PID 4388 wrote to memory of 4180	4388	rundll32.exe	83
PID 4388 wrote to memory of 4180	4388	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e710d2280184095246cb727b7595c744728d50ec3cda5a922665af8e1eafc68.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e710d2280184095246cb727b7595c744728d50ec3cda5a922665af8e1eafc68.dll,#1
  2⤵
  PID:4180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads