d3197bc349955cb824994ee67005c97322aa26c17f99e133ef58ccc76a589815 | Triage

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 10:01

Sharing

Report Analysis Logs

General

Target

d3197bc349955cb824994ee67005c97322aa26c17f99e133ef58ccc76a589815.dll
Size

3KB
MD5

5d8b43d0b82eb7c26324716eed223ee1
SHA1

3af13c72ec07e51456ad09c61bcb1dc736bdd01e
SHA256

d3197bc349955cb824994ee67005c97322aa26c17f99e133ef58ccc76a589815
SHA512

c54db47ba125f9d563c3fa830d1fdb4bdc364b35123cd1f835b6f098df96d372b38b26129491ebe439f775a2526cc2fc88a41228ea1233398ece52af56f9cc2b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 4064	2508	rundll32.exe	84
PID 2508 wrote to memory of 4064	2508	rundll32.exe	84
PID 2508 wrote to memory of 4064	2508	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3197bc349955cb824994ee67005c97322aa26c17f99e133ef58ccc76a589815.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3197bc349955cb824994ee67005c97322aa26c17f99e133ef58ccc76a589815.dll,#1
  2⤵
  PID:4064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads