0f536d38d28d16866a698b0e4eab6e54312f9f032f16f72b6fb888319867e101 | Triage

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 06:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0f536d38d28d16866a698b0e4eab6e54312f9f032f16f72b6fb888319867e101.dll
Size

3KB
MD5

5f62774cf411cec02451d4ef7074383e
SHA1

10d6aaeade3bedcdc8b2054acc15e25b02c3d6f8
SHA256

0f536d38d28d16866a698b0e4eab6e54312f9f032f16f72b6fb888319867e101
SHA512

70cf7c91834d7b40ac2839eedef1d3e58b171914dd4d75ffd0accf266b22f710ac45306695dfe2aa7ae36ec4cdd224cec726a308b244875e83f7fabee3e2b079

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 4496	448	rundll32.exe	82
PID 448 wrote to memory of 4496	448	rundll32.exe	82
PID 448 wrote to memory of 4496	448	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f536d38d28d16866a698b0e4eab6e54312f9f032f16f72b6fb888319867e101.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f536d38d28d16866a698b0e4eab6e54312f9f032f16f72b6fb888319867e101.dll,#1
  2⤵
  PID:4496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads