64185422ed9737a49d84454c0a58e3f06c4137080e5a28363a951c8c489cb96e | Triage

Analysis

max time kernel
167s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 07:02

Sharing

Report Analysis Logs

General

Target

64185422ed9737a49d84454c0a58e3f06c4137080e5a28363a951c8c489cb96e.dll
Size

3KB
MD5

6741de977d2a2a9043c8ebc5b1f91090
SHA1

758d89efb089f50ffe4abae687896905e61a76a0
SHA256

64185422ed9737a49d84454c0a58e3f06c4137080e5a28363a951c8c489cb96e
SHA512

d04dde5cdbefcde69a4ad567d2991d990d08298095edeaae30088e25980db439fa977d860b8e0869970726a82150f64dd01cef6fdbd0a89eddbf194fd79fa684

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 3836	2896	rundll32.exe	81
PID 2896 wrote to memory of 3836	2896	rundll32.exe	81
PID 2896 wrote to memory of 3836	2896	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64185422ed9737a49d84454c0a58e3f06c4137080e5a28363a951c8c489cb96e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\64185422ed9737a49d84454c0a58e3f06c4137080e5a28363a951c8c489cb96e.dll,#1
  2⤵
  PID:3836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads