3c717529562e1f72744b1249705a3983edd7042edacb3db042b8e60b10e9f422 | Triage

Analysis

max time kernel
106s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2022 14:46

Sharing

Report Analysis Logs

General

Target

3c717529562e1f72744b1249705a3983edd7042edacb3db042b8e60b10e9f422.dll
Size

3KB
MD5

305b726c890a267afa7f16ab93c46930
SHA1

b0a9687fb58322132191dd3ddf9bb13e505a41c1
SHA256

3c717529562e1f72744b1249705a3983edd7042edacb3db042b8e60b10e9f422
SHA512

05a75acc826be014dbd04175ad28e43366d854f19dd011f6e91af5d917deadacaa2071986e84cd6bbaa1a4204137565117dde6af0f1212dfe440603025072299

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 4464	5112	rundll32.exe	82
PID 5112 wrote to memory of 4464	5112	rundll32.exe	82
PID 5112 wrote to memory of 4464	5112	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c717529562e1f72744b1249705a3983edd7042edacb3db042b8e60b10e9f422.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c717529562e1f72744b1249705a3983edd7042edacb3db042b8e60b10e9f422.dll,#1
  2⤵
  PID:4464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4464-132-0x0000000000000000-mapping.dmp

Download