71314a5df3ef871ffde3254b4b233e8f34aee3dc0edb7584b258455b16e29475 | Triage

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 21:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

71314a5df3ef871ffde3254b4b233e8f34aee3dc0edb7584b258455b16e29475.dll
Size

3KB
MD5

5dfda2bb03e0219db39e4a4ad8457900
SHA1

4027a85bfc4db298193de09ffa3acf50632169f9
SHA256

71314a5df3ef871ffde3254b4b233e8f34aee3dc0edb7584b258455b16e29475
SHA512

99bd0cbef504ed48fc266f41b6077dfe07d761a0543f5d26dd6fbf34406ae2e21b8da84da655e11de865e87f6212e424c6c958a3b18e098ebcf293675b42aa94

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 3408	456	rundll32.exe	49
PID 456 wrote to memory of 3408	456	rundll32.exe	49
PID 456 wrote to memory of 3408	456	rundll32.exe	49

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71314a5df3ef871ffde3254b4b233e8f34aee3dc0edb7584b258455b16e29475.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\71314a5df3ef871ffde3254b4b233e8f34aee3dc0edb7584b258455b16e29475.dll,#1
  2⤵
  PID:3408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads