729b780f091acc1f6a6d23a1a75061ae7f9be2ab81deb370c0436a1da80a1fa8 | Triage

Analysis

max time kernel
92s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 06:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

729b780f091acc1f6a6d23a1a75061ae7f9be2ab81deb370c0436a1da80a1fa8.dll
Size

3KB
MD5

68a1819e4f4ce7ab4a29b214749eaa70
SHA1

b1c0f4c5fc648b7130c371da4f04c2d06ab80454
SHA256

729b780f091acc1f6a6d23a1a75061ae7f9be2ab81deb370c0436a1da80a1fa8
SHA512

2996b6840da6a9503393b21e6718977e6d70917ff88d7f7c9470dc9ef0ac7c6a37ffefe09e032294ac7e2403de019f782ba45891fbe58060aa1eacd04d40e02a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 1528	3192	rundll32.exe	61
PID 3192 wrote to memory of 1528	3192	rundll32.exe	61
PID 3192 wrote to memory of 1528	3192	rundll32.exe	61

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\729b780f091acc1f6a6d23a1a75061ae7f9be2ab81deb370c0436a1da80a1fa8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\729b780f091acc1f6a6d23a1a75061ae7f9be2ab81deb370c0436a1da80a1fa8.dll,#1
  2⤵
  PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads