dab17e35a1209680afd76f89b24144064a344f4f9c1099c1c33727267e943a6a | Triage

Analysis

max time kernel
136s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 15:48

Sharing

Report Analysis Logs

General

Target

dab17e35a1209680afd76f89b24144064a344f4f9c1099c1c33727267e943a6a.dll
Size

3KB
MD5

6742389f57df1996ecc072bce8467409
SHA1

4377166975628d5ed577c6eb5e2dcd7033d966ea
SHA256

dab17e35a1209680afd76f89b24144064a344f4f9c1099c1c33727267e943a6a
SHA512

d02431aa507e32c5f814c237fbba7e73eb246937ee8b42aaff4b8e915d8077a7af093811116dcad3c00e8c03e4fe7098d3daf28ea8cc1de201bee4c0dc597d43

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 4656	1280	rundll32.exe	82
PID 1280 wrote to memory of 4656	1280	rundll32.exe	82
PID 1280 wrote to memory of 4656	1280	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dab17e35a1209680afd76f89b24144064a344f4f9c1099c1c33727267e943a6a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dab17e35a1209680afd76f89b24144064a344f4f9c1099c1c33727267e943a6a.dll,#1
  2⤵
  PID:4656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads