9d29ab81df3eff4431d9ba62089b6964661baa3e47fa827c9bbc42d9de2ea87a | Triage

Analysis

max time kernel
159s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 03:36

Sharing

Report Analysis Logs

General

Target

9d29ab81df3eff4431d9ba62089b6964661baa3e47fa827c9bbc42d9de2ea87a.dll
Size

3KB
MD5

6dd82606e87d627ae4acc01c6e8c9240
SHA1

248f089fc757e5529b29795b3632b29ec447f167
SHA256

9d29ab81df3eff4431d9ba62089b6964661baa3e47fa827c9bbc42d9de2ea87a
SHA512

ed580ee9c7d40d99820cad39060d6706c49318ea8221a57c3b8e6e2399d8ff58ab4022d3eb3b83d387f64d3df05b52c67ece40b3ef8d03af325121beca62891f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 5020	4280	rundll32.exe	82
PID 4280 wrote to memory of 5020	4280	rundll32.exe	82
PID 4280 wrote to memory of 5020	4280	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d29ab81df3eff4431d9ba62089b6964661baa3e47fa827c9bbc42d9de2ea87a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d29ab81df3eff4431d9ba62089b6964661baa3e47fa827c9bbc42d9de2ea87a.dll,#1
  2⤵
  PID:5020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads