798125fbad9e3b9b9b07b4b5f773137ae19667644cfd41a35526483a0b082bf0 | Triage

Analysis

max time kernel
125s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 04:26

Sharing

Report Analysis Logs

General

Target

798125fbad9e3b9b9b07b4b5f773137ae19667644cfd41a35526483a0b082bf0.dll
Size

3KB
MD5

45e71804b75b128539d74e52b142f700
SHA1

2e18c8867065439fb59e788bea3abda9a8e452c6
SHA256

798125fbad9e3b9b9b07b4b5f773137ae19667644cfd41a35526483a0b082bf0
SHA512

90cf30705b59d945157077324803427b88370775001f39620952d71852c0d94520f40ed530c6c46a8b421355e8a8ce778f571e3aa4e13d9ec4a6bc5722973ac5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 2508	1580	rundll32.exe	84
PID 1580 wrote to memory of 2508	1580	rundll32.exe	84
PID 1580 wrote to memory of 2508	1580	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\798125fbad9e3b9b9b07b4b5f773137ae19667644cfd41a35526483a0b082bf0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\798125fbad9e3b9b9b07b4b5f773137ae19667644cfd41a35526483a0b082bf0.dll,#1
  2⤵
  PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads