a26591d9564954114ff62ae5fd31bf1af8a9c3caaaca62c263ab6cbe6bc061f7 | Triage

Analysis

max time kernel
148s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 16:53

Sharing

Report Analysis Logs

General

Target

a26591d9564954114ff62ae5fd31bf1af8a9c3caaaca62c263ab6cbe6bc061f7.dll
Size

3KB
MD5

397094cdb8840a2a197e4f61e16ac132
SHA1

3e9a5150e8ead17c49e0e947a648ed800491ba7f
SHA256

a26591d9564954114ff62ae5fd31bf1af8a9c3caaaca62c263ab6cbe6bc061f7
SHA512

bfdaa26d1f446ac638ac6d3b49b6d510c4ebfa62f0da51bfbb00593f234ae08c4d34f65044de4f0888b278cb6d0ae632a8e6b4f8c6ac76bc18317fe32093cd73

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 1660	2632	rundll32.exe	81
PID 2632 wrote to memory of 1660	2632	rundll32.exe	81
PID 2632 wrote to memory of 1660	2632	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a26591d9564954114ff62ae5fd31bf1af8a9c3caaaca62c263ab6cbe6bc061f7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a26591d9564954114ff62ae5fd31bf1af8a9c3caaaca62c263ab6cbe6bc061f7.dll,#1
  2⤵
  PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads