61610ddaf0f51ad6c8de5933149f461d975f83a44ef33b6d88cd7b2a2b7e49d4 | Triage

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 06:44

Sharing

Report Analysis Logs

General

Target

61610ddaf0f51ad6c8de5933149f461d975f83a44ef33b6d88cd7b2a2b7e49d4.dll
Size

3KB
MD5

647ab10a8817f27c4634e3e36a35cda0
SHA1

1d5005db7a07d3cefc175cdb313f91daee0f73e4
SHA256

61610ddaf0f51ad6c8de5933149f461d975f83a44ef33b6d88cd7b2a2b7e49d4
SHA512

bb221dfdaa288ea71c4170837852b6da57da4c214bc826858f2f470f741073be246fc7f805bc509976eef6baeffe61ff721a0e32d260daf6b8189b555143fef5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2560	2860	rundll32.exe	82
PID 2860 wrote to memory of 2560	2860	rundll32.exe	82
PID 2860 wrote to memory of 2560	2860	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61610ddaf0f51ad6c8de5933149f461d975f83a44ef33b6d88cd7b2a2b7e49d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61610ddaf0f51ad6c8de5933149f461d975f83a44ef33b6d88cd7b2a2b7e49d4.dll,#1
  2⤵
  PID:2560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads