307735665d049bf88890d83dd2dafae7bed9c16bd4b812ca81a719c338d90047 | Triage

Analysis

max time kernel
169s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 21:25

Sharing

Report Analysis Logs

General

Target

307735665d049bf88890d83dd2dafae7bed9c16bd4b812ca81a719c338d90047.dll
Size

3KB
MD5

020cfa4eecae8ac8a23fab1f961fdcab
SHA1

adeafcf1c86d2cb0f5126c6228ab089d83f0c419
SHA256

307735665d049bf88890d83dd2dafae7bed9c16bd4b812ca81a719c338d90047
SHA512

c92375589f1b2a52c7271e8c749eb0fde68f1b3cbfea5d5ce6241bcbd8907be0b5b62bca63e80286a32f86f2322135e6740920914fcc87b63be7d7b2b9beb7a9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3952 wrote to memory of 1428	3952	rundll32.exe	80
PID 3952 wrote to memory of 1428	3952	rundll32.exe	80
PID 3952 wrote to memory of 1428	3952	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\307735665d049bf88890d83dd2dafae7bed9c16bd4b812ca81a719c338d90047.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\307735665d049bf88890d83dd2dafae7bed9c16bd4b812ca81a719c338d90047.dll,#1
  2⤵
  PID:1428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads