4dd6f48aa73e742fd3a737a6ac9e2f206e8bfe352044e150dd1edff3762de3ee | Triage

Analysis

max time kernel
100s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 04:50

Sharing

Report Analysis Logs

General

Target

4dd6f48aa73e742fd3a737a6ac9e2f206e8bfe352044e150dd1edff3762de3ee.dll
Size

3KB
MD5

7ac76d817c1a0eee4a725080e65ceacf
SHA1

6ef039a7aca72fb88db30707c91c4b6bc6b2c553
SHA256

4dd6f48aa73e742fd3a737a6ac9e2f206e8bfe352044e150dd1edff3762de3ee
SHA512

2a85ff27fdd4c252d7be1bd4f1c1606769b8792612c34ae16bb5ffec8dd1a95d8e26d88669eeb63085bb54508f3a9c7c9dbd5edab0172276a7e68116add6db5c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 1412	3068	rundll32.exe	78
PID 3068 wrote to memory of 1412	3068	rundll32.exe	78
PID 3068 wrote to memory of 1412	3068	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4dd6f48aa73e742fd3a737a6ac9e2f206e8bfe352044e150dd1edff3762de3ee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4dd6f48aa73e742fd3a737a6ac9e2f206e8bfe352044e150dd1edff3762de3ee.dll,#1
  2⤵
  PID:1412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1412-132-0x0000000000000000-mapping.dmp

Download