960cc9f8e629a3f4d3fbededaed8327746ab94886c525492eea3a6fe88c932a8 | Triage

Analysis

max time kernel
147s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 06:43

Sharing

Report Analysis Logs

General

Target

960cc9f8e629a3f4d3fbededaed8327746ab94886c525492eea3a6fe88c932a8.dll
Size

3KB
MD5

6284537ab39dfa821ba5fa0070275c50
SHA1

290a9cdd1bcf384a110f9a81ac767ae19da2604e
SHA256

960cc9f8e629a3f4d3fbededaed8327746ab94886c525492eea3a6fe88c932a8
SHA512

a49a15466bf9cc39be3e10cf84718ce095b1d90364fa1adce472c94dc62748cff62cddb69fbc83d3f613b206958e946f4415d080bb47334a7797f8fde07f2135

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 3440	4736	rundll32.exe	79
PID 4736 wrote to memory of 3440	4736	rundll32.exe	79
PID 4736 wrote to memory of 3440	4736	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\960cc9f8e629a3f4d3fbededaed8327746ab94886c525492eea3a6fe88c932a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\960cc9f8e629a3f4d3fbededaed8327746ab94886c525492eea3a6fe88c932a8.dll,#1
  2⤵
  PID:3440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads