61db8a559b58f996cbd28582b515fd63d00345e9226788cba3e46df413de1339 | Triage

Analysis

max time kernel
146s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 06:44

Sharing

Report Analysis Logs

General

Target

61db8a559b58f996cbd28582b515fd63d00345e9226788cba3e46df413de1339.dll
Size

3KB
MD5

688e12099c98642582bf564b8318d5a0
SHA1

fd8f8d8a052934b2e11f89b00f5606339bfc5a55
SHA256

61db8a559b58f996cbd28582b515fd63d00345e9226788cba3e46df413de1339
SHA512

c5214f8eef2d5b82701ce5b8fc15b76de16478139c82f7a1db8d05cc229438d72c0d09b0f2a165a0a3103276eb9c659637deff2fe8a0d4811c61a9e0ca1e68b9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 1224	872	rundll32.exe	81
PID 872 wrote to memory of 1224	872	rundll32.exe	81
PID 872 wrote to memory of 1224	872	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61db8a559b58f996cbd28582b515fd63d00345e9226788cba3e46df413de1339.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61db8a559b58f996cbd28582b515fd63d00345e9226788cba3e46df413de1339.dll,#1
  2⤵
  PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads