ffd280e5052ca8b515bc89e379723f8a07032f7dfd9a6e84576282197fff660f | Triage

Analysis

max time kernel
105s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 14:48

Sharing

Report Analysis Logs

General

Target

ffd280e5052ca8b515bc89e379723f8a07032f7dfd9a6e84576282197fff660f.dll
Size

3KB
MD5

a079b08044415adccad3b37d51d08480
SHA1

1590480b8394fe7ec6f614f622ce075daa1cd085
SHA256

ffd280e5052ca8b515bc89e379723f8a07032f7dfd9a6e84576282197fff660f
SHA512

0adfd9800cb381f9148f0f9e760f8931e3b3bd9bcd6b6a2d74bd617ecba380e71dde6129b167727b15b86736391b75e0d75c1da4a8b4b03a7423ba37b2a07cf7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1736	1760	rundll32.exe	50
PID 1760 wrote to memory of 1736	1760	rundll32.exe	50
PID 1760 wrote to memory of 1736	1760	rundll32.exe	50

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffd280e5052ca8b515bc89e379723f8a07032f7dfd9a6e84576282197fff660f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffd280e5052ca8b515bc89e379723f8a07032f7dfd9a6e84576282197fff660f.dll,#1
  2⤵
  PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads