12cd1c47f0f2dbce7c0e4f75a63557d3708d684969ab64dd637ae7bd2e1e7efe | Triage

Analysis

max time kernel
127s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 15:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12cd1c47f0f2dbce7c0e4f75a63557d3708d684969ab64dd637ae7bd2e1e7efe.dll
Size

3KB
MD5

4a2150940f317d27b310b490789c0393
SHA1

fc98f9d4d2989747774e0506c044e1b4d5c4e123
SHA256

12cd1c47f0f2dbce7c0e4f75a63557d3708d684969ab64dd637ae7bd2e1e7efe
SHA512

819bc54f6626bfb7977c07f3242537f15913c9b013afd2b89bb09be717ac6ac195821ae66ce47d462c5d237d9f4dab13ace8d5e47bbb659d1f6e8ec541cd2978

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 4424	5040	rundll32.exe	27
PID 5040 wrote to memory of 4424	5040	rundll32.exe	27
PID 5040 wrote to memory of 4424	5040	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12cd1c47f0f2dbce7c0e4f75a63557d3708d684969ab64dd637ae7bd2e1e7efe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12cd1c47f0f2dbce7c0e4f75a63557d3708d684969ab64dd637ae7bd2e1e7efe.dll,#1
  2⤵
  PID:4424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads