2bfda14b439fa52e95c4ea075948b4422e38627c1882a3ec8105afd4ddbd14c9 | Triage

Analysis

max time kernel
14s
max time network
2s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 14:23

Sharing

Report Analysis Logs

General

Target

2bfda14b439fa52e95c4ea075948b4422e38627c1882a3ec8105afd4ddbd14c9.dll
Size

3KB
MD5

66ff8f1cb0fecd35a68eae7bf19f5560
SHA1

2fd9324af9462666564674a3061a8543d92d4a70
SHA256

2bfda14b439fa52e95c4ea075948b4422e38627c1882a3ec8105afd4ddbd14c9
SHA512

f3d386d3a359bbc589aeae62aa71003f3232d88a1dba26acbd0fd9c78125727b938f7ac9fa13091256e625d8c652fe97adb5b4d103dad90f23566d738dc4d08d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 3080	1828	rundll32.exe	77
PID 1828 wrote to memory of 3080	1828	rundll32.exe	77
PID 1828 wrote to memory of 3080	1828	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bfda14b439fa52e95c4ea075948b4422e38627c1882a3ec8105afd4ddbd14c9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bfda14b439fa52e95c4ea075948b4422e38627c1882a3ec8105afd4ddbd14c9.dll,#1
  2⤵
  PID:3080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads