f35b247db77f838cd97fb1f18f90d6a140e544551d65f4d1cb02af5d7f765e81 | Triage

Analysis

max time kernel
188s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 20:40

Sharing

Report Analysis Logs

General

Target

f35b247db77f838cd97fb1f18f90d6a140e544551d65f4d1cb02af5d7f765e81.dll
Size

3KB
MD5

92008d86f305340e96214c4e5e931329
SHA1

7b212fc8589f3621d97132eac437724ad100fafa
SHA256

f35b247db77f838cd97fb1f18f90d6a140e544551d65f4d1cb02af5d7f765e81
SHA512

28fb3a90c515f0f4739bce0806540f0f5ec8c158bcaabf8e7443efa528d705ec2619412ef47af21741729ffb5cfd2fe48256b6c590b5ff0700cc5ef39a0dab85

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 4360	4684	rundll32.exe	80
PID 4684 wrote to memory of 4360	4684	rundll32.exe	80
PID 4684 wrote to memory of 4360	4684	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f35b247db77f838cd97fb1f18f90d6a140e544551d65f4d1cb02af5d7f765e81.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f35b247db77f838cd97fb1f18f90d6a140e544551d65f4d1cb02af5d7f765e81.dll,#1
  2⤵
  PID:4360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads