120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6 | Triage

Analysis

max time kernel
95s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 13:24

Sharing

Report Analysis Logs

General

Target

120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll
Size

3KB
MD5

a1343bef79835d35031f88c5bb6a4830
SHA1

042470cab03f69792059a641e69098fba9f35ad7
SHA256

120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6
SHA512

01ea41e127b115d2e26f83d91eaab2f7d6c06981fdde4aaf2a37197bdfe8a3db169df0024dffd0455299cb784e6be06ee3154191f0ca93854cb40076f2b969ae

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 4444	4568	rundll32.exe	82
PID 4568 wrote to memory of 4444	4568	rundll32.exe	82
PID 4568 wrote to memory of 4444	4568	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll,#1
  2⤵
  PID:4444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads