37f59e7850060edaae75a8dec29130e06439ec3b55f52e04473a59893ceabce9 | Triage

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 02:14

Sharing

Report Analysis Logs

General

Target

37f59e7850060edaae75a8dec29130e06439ec3b55f52e04473a59893ceabce9.dll
Size

3KB
MD5

7c6ddfae153da14cb714c0b9fba640d0
SHA1

8789b19dba2ef038c8aabb73b9f5e45f813e6dae
SHA256

37f59e7850060edaae75a8dec29130e06439ec3b55f52e04473a59893ceabce9
SHA512

f0c6c7dbd747cfe9d189681ad28bc18fd7934d0eda239b554ca5915c306dc753cbdb950850203ab370e32056c15c5c061d5e066a11c4a5809a955c603b160483

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 1020	4492	rundll32.exe	83
PID 4492 wrote to memory of 1020	4492	rundll32.exe	83
PID 4492 wrote to memory of 1020	4492	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37f59e7850060edaae75a8dec29130e06439ec3b55f52e04473a59893ceabce9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37f59e7850060edaae75a8dec29130e06439ec3b55f52e04473a59893ceabce9.dll,#1
  2⤵
  PID:1020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads