79084ad854760e2dc6a451319f9d8584fd2d2351b256e3664dbf791573a8fa9d | Triage

Analysis

max time kernel
144s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 18:07

Sharing

Report Analysis Logs

General

Target

79084ad854760e2dc6a451319f9d8584fd2d2351b256e3664dbf791573a8fa9d.dll
Size

3KB
MD5

00815c0ede2a6cc3b440f11fcba96ab8
SHA1

67a552b263953c883d306b25c7242544f5e74c7c
SHA256

79084ad854760e2dc6a451319f9d8584fd2d2351b256e3664dbf791573a8fa9d
SHA512

07c4bf007e9feeafc560b97cd4e3378ef04ecd92148aa4272e47596b8bba2be84fd2974985f2af5a58cfff5a8d69b37abc0870921c6c9d11973f16a59905b023

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 4608	5048	rundll32.exe	80
PID 5048 wrote to memory of 4608	5048	rundll32.exe	80
PID 5048 wrote to memory of 4608	5048	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79084ad854760e2dc6a451319f9d8584fd2d2351b256e3664dbf791573a8fa9d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79084ad854760e2dc6a451319f9d8584fd2d2351b256e3664dbf791573a8fa9d.dll,#1
  2⤵
  PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads