1b48a2865afc077356addbcd15f95ef9fc3cb110a909b5538c2bfeaba77d2eeb | Triage

Analysis

max time kernel
154s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 03:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b48a2865afc077356addbcd15f95ef9fc3cb110a909b5538c2bfeaba77d2eeb.dll
Size

3KB
MD5

6218068288e315ad80bc0c038f28d3c0
SHA1

9686adfb0841a22a3f083ddc0320516d2c5feaf9
SHA256

1b48a2865afc077356addbcd15f95ef9fc3cb110a909b5538c2bfeaba77d2eeb
SHA512

68a04d34cccd6aca8078c9fa4856268804a71cbd1998f0288d632f02426f5271a2447733059011f189ea25660d88b2ddf949532e4394be94d986e328d8cc2e37

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 1608	2512	rundll32.exe	82
PID 2512 wrote to memory of 1608	2512	rundll32.exe	82
PID 2512 wrote to memory of 1608	2512	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b48a2865afc077356addbcd15f95ef9fc3cb110a909b5538c2bfeaba77d2eeb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b48a2865afc077356addbcd15f95ef9fc3cb110a909b5538c2bfeaba77d2eeb.dll,#1
  2⤵
  PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads