f115d5f65a8a5092087c81a4f646c278b66073d7168fc54f5c76d1f79db7ee02 | Triage

Analysis

max time kernel
130s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2022 14:20

Sharing

Report Analysis Logs

General

Target

f115d5f65a8a5092087c81a4f646c278b66073d7168fc54f5c76d1f79db7ee02.dll
Size

3KB
MD5

64eac25ab93581f842c0abf789483cd0
SHA1

b6684804853050c53a0c517995e68dac1381d2c7
SHA256

f115d5f65a8a5092087c81a4f646c278b66073d7168fc54f5c76d1f79db7ee02
SHA512

c7bb0a84dcdb76a009aa34cea3146b8a50d8cf16932e1362223bbbaa6ec7bcb6cefbbf1a11d7f4bf4bbdb88489abf6715e5e229b69d88809af1afd9dda651366

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 4992	4144	rundll32.exe	82
PID 4144 wrote to memory of 4992	4144	rundll32.exe	82
PID 4144 wrote to memory of 4992	4144	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f115d5f65a8a5092087c81a4f646c278b66073d7168fc54f5c76d1f79db7ee02.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f115d5f65a8a5092087c81a4f646c278b66073d7168fc54f5c76d1f79db7ee02.dll,#1
  2⤵
  PID:4992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4992-132-0x0000000000000000-mapping.dmp

Download