8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332 | Triage

Analysis

max time kernel
176s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 15:49

Sharing

Report Analysis Logs

General

Target

8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332.dll
Size

3KB
MD5

45624fd0c5afa5c132a24333079db0e0
SHA1

bfa7fc25c7898e5bdf2f69f5e2f41af1eedc359b
SHA256

8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332
SHA512

09a04f9f20171af15382025b55fa5d8e595e3a8805ba7fd246cce14fa0e9d4d9473688a83943406fef4a5ce3b44770d138a140af7eddc960632d5a9624e967c9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2884 wrote to memory of 4960	2884	rundll32.exe	rundll32.exe
PID 2884 wrote to memory of 4960	2884	rundll32.exe	rundll32.exe
PID 2884 wrote to memory of 4960	2884	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2884

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332.dll,#1
2⤵
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4960-132-0x0000000000000000-mapping.dmp

Download