830d5969b22837d9b057eefc6477f6ccab5ea01a2b745356e5577e22c568c5ae | Triage

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 01:11

Sharing

Report Analysis Logs

General

Target

830d5969b22837d9b057eefc6477f6ccab5ea01a2b745356e5577e22c568c5ae.dll
Size

3KB
MD5

0f5998b52a3a310d8d56f54dc8821710
SHA1

c9085f69279b945bdf24daa362af4033be93d45d
SHA256

830d5969b22837d9b057eefc6477f6ccab5ea01a2b745356e5577e22c568c5ae
SHA512

ce887d66153aff885bb1ed9ed66b0b89e20d53efbd230c08e6c796fb5d4cd093376412b42a44a42e31e9a6a912969015e4302df2c9f1507cbeb2b3c08c2c990a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 4792	4692	rundll32.exe	79
PID 4692 wrote to memory of 4792	4692	rundll32.exe	79
PID 4692 wrote to memory of 4792	4692	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\830d5969b22837d9b057eefc6477f6ccab5ea01a2b745356e5577e22c568c5ae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\830d5969b22837d9b057eefc6477f6ccab5ea01a2b745356e5577e22c568c5ae.dll,#1
  2⤵
  PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads