472f4768483c659c9c99c0bae45b81483e4b2a87037748556b642c496eb013b2 | Triage

Analysis

max time kernel
112s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 00:46

Sharing

Report Analysis Logs

General

Target

472f4768483c659c9c99c0bae45b81483e4b2a87037748556b642c496eb013b2.dll
Size

3KB
MD5

92ef6c5235bdf934b4f77435943ba637
SHA1

b2eb1c5e852ab1598ca8fbb557317bcde49fcb35
SHA256

472f4768483c659c9c99c0bae45b81483e4b2a87037748556b642c496eb013b2
SHA512

4cc9713ddbf91bf56131880cccc1a4b7b75bb7172cdce2d663d54fe18b21a4590bb90ee8abdc10a4f1aa4d8058c278abe4ccdc2d4b2fc7c979aae7e49266a668

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 5024	4960	rundll32.exe	35
PID 4960 wrote to memory of 5024	4960	rundll32.exe	35
PID 4960 wrote to memory of 5024	4960	rundll32.exe	35

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\472f4768483c659c9c99c0bae45b81483e4b2a87037748556b642c496eb013b2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\472f4768483c659c9c99c0bae45b81483e4b2a87037748556b642c496eb013b2.dll,#1
  2⤵
  PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads