91fec31342487bf5b16f6ab094cf53ad50498b1421895a46c79851c8b0a1d563 | Triage

Analysis

max time kernel
110s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 05:26

Sharing

Report Analysis Logs

General

Target

91fec31342487bf5b16f6ab094cf53ad50498b1421895a46c79851c8b0a1d563.dll
Size

3KB
MD5

938ac59011bbf38969b18164bc0cfcb0
SHA1

3bf9ccec0a223ad4baed605509c13b818d4a71b3
SHA256

91fec31342487bf5b16f6ab094cf53ad50498b1421895a46c79851c8b0a1d563
SHA512

0d0975d2929d6b1a3d2553a6200be4ff8f1f4874dc903951683edcd54b174b4ad097891d68beaae22a58a06d6bbff28e1a48426a7d402aa28444b9689f54a217

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 4388	1044	rundll32.exe	81
PID 1044 wrote to memory of 4388	1044	rundll32.exe	81
PID 1044 wrote to memory of 4388	1044	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\91fec31342487bf5b16f6ab094cf53ad50498b1421895a46c79851c8b0a1d563.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\91fec31342487bf5b16f6ab094cf53ad50498b1421895a46c79851c8b0a1d563.dll,#1
  2⤵
  PID:4388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads