d60e7ecf289ce15079380f2b560f36e6e83a43183c07a93365201ad8fea1e873 | Triage

Analysis

max time kernel
169s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2022, 14:20

Sharing

Report Analysis Logs

General

Target

d60e7ecf289ce15079380f2b560f36e6e83a43183c07a93365201ad8fea1e873.dll
Size

3KB
MD5

65d42ddc7b28d9c87462196bf47c2590
SHA1

fac111bb3134dba22529f7f6e323143b8e58674c
SHA256

d60e7ecf289ce15079380f2b560f36e6e83a43183c07a93365201ad8fea1e873
SHA512

65b1dd6f2ee7fc93310d9a3ccdc9db57f86a7cd3ccdb68397c7a7546f6247f5a84c148b4f7c5aa070165f20ff52952fdb55db429f312df47417decba7a7a1d7c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 920	3576	rundll32.exe	38
PID 3576 wrote to memory of 920	3576	rundll32.exe	38
PID 3576 wrote to memory of 920	3576	rundll32.exe	38

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d60e7ecf289ce15079380f2b560f36e6e83a43183c07a93365201ad8fea1e873.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d60e7ecf289ce15079380f2b560f36e6e83a43183c07a93365201ad8fea1e873.dll,#1
  2⤵
  PID:920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads