e11f5c071ec229b29baa2763a7a8175329e7196f331b0c2d970d1a9980e251ef | Triage

Analysis

max time kernel
85s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 16:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e11f5c071ec229b29baa2763a7a8175329e7196f331b0c2d970d1a9980e251ef.dll
Size

4KB
MD5

6280c6a4fda17e9c7f5fc6aa513d656d
SHA1

bf03a25d9d01b00d3e2a4962e9ce70607e263c28
SHA256

e11f5c071ec229b29baa2763a7a8175329e7196f331b0c2d970d1a9980e251ef
SHA512

c7b11978ae2b9097ef075fe68630be649b2d0aad652b3c0f3672403089c5b50186e0143efe2a097957736d1ce819417ee1ebb9ba254e33685893e0e053b168db

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 1192	2640	rundll32.exe	82
PID 2640 wrote to memory of 1192	2640	rundll32.exe	82
PID 2640 wrote to memory of 1192	2640	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e11f5c071ec229b29baa2763a7a8175329e7196f331b0c2d970d1a9980e251ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e11f5c071ec229b29baa2763a7a8175329e7196f331b0c2d970d1a9980e251ef.dll,#1
  2⤵
  PID:1192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads