2782841cfcbab2da710219ed9ea5069e638a2027d847598e2cec248923f4a40b | Triage

Analysis

max time kernel
144s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 10:42

Sharing

Report Analysis Logs

General

Target

2782841cfcbab2da710219ed9ea5069e638a2027d847598e2cec248923f4a40b.dll
Size

3KB
MD5

801349b3144b4bca79a420854a4108a3
SHA1

fd67cb8a8db5412262060415bc38f0cd7e4dfe07
SHA256

2782841cfcbab2da710219ed9ea5069e638a2027d847598e2cec248923f4a40b
SHA512

2a7f76caa5faf8a9a2811010d77aa1491072e213303b2ed16e1da3c58df5f9ce085d9c8e3ef2ba62021ad9754bbb0b8587726e8a7f68f2485f2e00720b71ff4e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 4244	2720	rundll32.exe	81
PID 2720 wrote to memory of 4244	2720	rundll32.exe	81
PID 2720 wrote to memory of 4244	2720	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2782841cfcbab2da710219ed9ea5069e638a2027d847598e2cec248923f4a40b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2782841cfcbab2da710219ed9ea5069e638a2027d847598e2cec248923f4a40b.dll,#1
  2⤵
  PID:4244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads