e88833b218823c03d440700bd199a93754b126fc22b6db4a377ee1df99a84272 | Triage

Analysis

max time kernel
165s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2022 06:24

Sharing

Report Analysis Logs

General

Target

e88833b218823c03d440700bd199a93754b126fc22b6db4a377ee1df99a84272.dll
Size

3KB
MD5

424e8f61f812662b0fbc4c16b8e78cb0
SHA1

0096bcb39d617f6ebb3f2150745d74ed7c05ff3c
SHA256

e88833b218823c03d440700bd199a93754b126fc22b6db4a377ee1df99a84272
SHA512

a8124d16c7f230f23b1c7c55639984b57a1f638a7a41ae1dd83de11f2eab3b35e9e4f11f26dd70bc976a061bcbce5cc24ea8a029fbf0fd59f9c87718199bda0c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 1572	3888	rundll32.exe	81
PID 3888 wrote to memory of 1572	3888	rundll32.exe	81
PID 3888 wrote to memory of 1572	3888	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e88833b218823c03d440700bd199a93754b126fc22b6db4a377ee1df99a84272.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e88833b218823c03d440700bd199a93754b126fc22b6db4a377ee1df99a84272.dll,#1
  2⤵
  PID:1572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1572-132-0x0000000000000000-mapping.dmp

Download