1e9b1437b19ca119f83909c210f18e5c5f356c723ce1eb7dbe1b0125ff4fca74 | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 15:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1e9b1437b19ca119f83909c210f18e5c5f356c723ce1eb7dbe1b0125ff4fca74.dll
Size

4KB
MD5

6e10c837cc3f8775d786504e16600028
SHA1

f75dd9099f2f11082a7cdd83626e35826caa54ed
SHA256

1e9b1437b19ca119f83909c210f18e5c5f356c723ce1eb7dbe1b0125ff4fca74
SHA512

aa007159f50b670b35f4597e61ebc887c290012fda28e201c54aef6232263175aea9f4b6f80a8734bed08e425a3bfbe3d8ddd30e539524dbd6ee45acb2b79491

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 4880	4488	rundll32.exe	61
PID 4488 wrote to memory of 4880	4488	rundll32.exe	61
PID 4488 wrote to memory of 4880	4488	rundll32.exe	61

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e9b1437b19ca119f83909c210f18e5c5f356c723ce1eb7dbe1b0125ff4fca74.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e9b1437b19ca119f83909c210f18e5c5f356c723ce1eb7dbe1b0125ff4fca74.dll,#1
  2⤵
  PID:4880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads