84d9608f01824a8d7740c9b97e0c2045e755f68f3069cc5c7e826d55c9b6a4a5 | Triage

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2022 14:45

Sharing

Report Analysis Logs

General

Target

84d9608f01824a8d7740c9b97e0c2045e755f68f3069cc5c7e826d55c9b6a4a5.dll
Size

3KB
MD5

3b048b858d81ad51ff2623680c0a4aa9
SHA1

264156f1be32d84a11729365e722049200feefd4
SHA256

84d9608f01824a8d7740c9b97e0c2045e755f68f3069cc5c7e826d55c9b6a4a5
SHA512

0db92a6662695421da6ffbd1ffcfaf50693d1e58b9f0d3be09d96e67d5907a32aadedc6f3369edead3990187e54f7eba84f47b5f0494b24b0761e040b1e8774a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 516	3612	rundll32.exe	79
PID 3612 wrote to memory of 516	3612	rundll32.exe	79
PID 3612 wrote to memory of 516	3612	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\84d9608f01824a8d7740c9b97e0c2045e755f68f3069cc5c7e826d55c9b6a4a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\84d9608f01824a8d7740c9b97e0c2045e755f68f3069cc5c7e826d55c9b6a4a5.dll,#1
  2⤵
  PID:516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/516-132-0x0000000000000000-mapping.dmp

Download