111595e9361fb4950ea32b41b7b4408c4f08db59baf74ff65c2454a167fe498f | Triage

Analysis

max time kernel
133s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 13:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

111595e9361fb4950ea32b41b7b4408c4f08db59baf74ff65c2454a167fe498f.dll
Size

3KB
MD5

a0a58c8676215ccb011951d8e8cac24a
SHA1

e478b9da1632d2f6f2a8832bf6ec6e476de7738a
SHA256

111595e9361fb4950ea32b41b7b4408c4f08db59baf74ff65c2454a167fe498f
SHA512

adfc6c1e5b83a74245a54ae5db37e08e85eb89860371ea88742ae8c5e19eaf5865e4b875c2677829c1de4c4f24ef42d7cc249e88ed3f2187d1603f58c98f37ab

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 4932	4856	rundll32.exe	83
PID 4856 wrote to memory of 4932	4856	rundll32.exe	83
PID 4856 wrote to memory of 4932	4856	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\111595e9361fb4950ea32b41b7b4408c4f08db59baf74ff65c2454a167fe498f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\111595e9361fb4950ea32b41b7b4408c4f08db59baf74ff65c2454a167fe498f.dll,#1
  2⤵
  PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads