602c77d9059e3187d4f8d5cdf330d8806593428432eca1de713addd2f7bf06cd | Triage

Analysis

max time kernel
93s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 18:07

Sharing

Report Analysis Logs

General

Target

602c77d9059e3187d4f8d5cdf330d8806593428432eca1de713addd2f7bf06cd.dll
Size

3KB
MD5

0b4180f2382de588dbe97f1dca22bc68
SHA1

af274a30c6e227c9444dd8de52ffd28c290db262
SHA256

602c77d9059e3187d4f8d5cdf330d8806593428432eca1de713addd2f7bf06cd
SHA512

334aa5d9f10a68bb372e9b0299eab61aff9260c815a34abfe6400b62876d63e011e4c7e9741083a0705278d0c4b2786e7509b7afd92ba423250e30d01c1997f7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 488 wrote to memory of 3672	488	rundll32.exe	78
PID 488 wrote to memory of 3672	488	rundll32.exe	78
PID 488 wrote to memory of 3672	488	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\602c77d9059e3187d4f8d5cdf330d8806593428432eca1de713addd2f7bf06cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\602c77d9059e3187d4f8d5cdf330d8806593428432eca1de713addd2f7bf06cd.dll,#1
  2⤵
  PID:3672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads