12b462bac49318bff264b3e91d5c2d5fd901a6a586c38e724fb95ec3d33cad14 | Triage

Analysis

max time kernel
90s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 12:56

Sharing

Report Analysis Logs

General

Target

12b462bac49318bff264b3e91d5c2d5fd901a6a586c38e724fb95ec3d33cad14.dll
Size

3KB
MD5

089c5add818912c98c7c18ed9fdd591d
SHA1

3489574a2cc5097498b2df2b71cda84e05a14964
SHA256

12b462bac49318bff264b3e91d5c2d5fd901a6a586c38e724fb95ec3d33cad14
SHA512

7b45d9320f441c754dd4e8800426aa71ed60a0345266408e9bfcc1f059ee062331dc993940b47fb9a3fa4ca2edf3430945c7f0dc228bd7c0890fd5cf2aeed807

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 384	2284	rundll32.exe	32
PID 2284 wrote to memory of 384	2284	rundll32.exe	32
PID 2284 wrote to memory of 384	2284	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12b462bac49318bff264b3e91d5c2d5fd901a6a586c38e724fb95ec3d33cad14.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12b462bac49318bff264b3e91d5c2d5fd901a6a586c38e724fb95ec3d33cad14.dll,#1
  2⤵
  PID:384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads