caf17d29b2f959111cf96b290cb3bdf1d320a04d2dffe1de99a15c59a232ed56 | Triage

Analysis

max time kernel
152s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 00:49

Sharing

Report Analysis Logs

General

Target

caf17d29b2f959111cf96b290cb3bdf1d320a04d2dffe1de99a15c59a232ed56.dll
Size

4KB
MD5

84901b4001b8bdc0490eb36590fc40b1
SHA1

efec2a6a239d605703be18af95c758e44deb2fd8
SHA256

caf17d29b2f959111cf96b290cb3bdf1d320a04d2dffe1de99a15c59a232ed56
SHA512

26b4c05dcf92f4e35ac761f3ba8bdcc00819855cf8ca918de4cdbab5bc8b3dacf8f5dbe1d314d9338e440a9d62c2bbd1028c29d58ed8a025232fba7dd617b604

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 1408	3236	rundll32.exe	34
PID 3236 wrote to memory of 1408	3236	rundll32.exe	34
PID 3236 wrote to memory of 1408	3236	rundll32.exe	34

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\caf17d29b2f959111cf96b290cb3bdf1d320a04d2dffe1de99a15c59a232ed56.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\caf17d29b2f959111cf96b290cb3bdf1d320a04d2dffe1de99a15c59a232ed56.dll,#1
  2⤵
  PID:1408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads