2c843aae4ac8d85518cc39b457df5af2b8ec766ed23b86ec89e385d2c9cd0b1f | Triage

Analysis

max time kernel
166s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 21:44

Sharing

Report Analysis Logs

General

Target

2c843aae4ac8d85518cc39b457df5af2b8ec766ed23b86ec89e385d2c9cd0b1f.dll
Size

3KB
MD5

3bbcbbabf7edf309d8436fe882f0d9ee
SHA1

c0ed3f67f1c7820b49d82552fab1ffd55d4140c7
SHA256

2c843aae4ac8d85518cc39b457df5af2b8ec766ed23b86ec89e385d2c9cd0b1f
SHA512

cee0f45962798374165e65321c9a634866a9e8c65d6bdacd57a32c4492e0bcff7c61ccacb2d102cc66de19c8b7d445fa4716ca0a8fe734a9e7a832f9de16032e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 4144	4132	rundll32.exe	67
PID 4132 wrote to memory of 4144	4132	rundll32.exe	67
PID 4132 wrote to memory of 4144	4132	rundll32.exe	67

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c843aae4ac8d85518cc39b457df5af2b8ec766ed23b86ec89e385d2c9cd0b1f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c843aae4ac8d85518cc39b457df5af2b8ec766ed23b86ec89e385d2c9cd0b1f.dll,#1
  2⤵
  PID:4144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads