abb64f25319eb007774c31da7ff321828f7e36e02af018bd301453f02d6c7629 | Triage

Analysis

max time kernel
138s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 00:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

abb64f25319eb007774c31da7ff321828f7e36e02af018bd301453f02d6c7629.dll
Size

4KB
MD5

931356b1bc3b06b614b3add1e650597a
SHA1

cf60b1bed8af28e23c5a85639b086e92ec4fc01a
SHA256

abb64f25319eb007774c31da7ff321828f7e36e02af018bd301453f02d6c7629
SHA512

044194d674e43ffcb99adbc6d2f276df8be1676257f27852672efaa76e0be04f32d7ddde5a0d66b58e38a1e930305a9a9f22d831d5968132524d0536bd4d6f0f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4884 wrote to memory of 4900	4884	rundll32.exe	81
PID 4884 wrote to memory of 4900	4884	rundll32.exe	81
PID 4884 wrote to memory of 4900	4884	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abb64f25319eb007774c31da7ff321828f7e36e02af018bd301453f02d6c7629.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abb64f25319eb007774c31da7ff321828f7e36e02af018bd301453f02d6c7629.dll,#1
  2⤵
  PID:4900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads