3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05 | Triage

Analysis

max time kernel
146s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 16:58

Sharing

Report Analysis Logs

General

Target

3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05.dll
Size

3KB
MD5

4949bf97ced872b49c37c7133dfcfe00
SHA1

02c6f063cfb44a155bb033bcf5d7b6e333f4d158
SHA256

3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05
SHA512

aacb5b740a6a618a7c551bdb48da4c059211dc39e57006b75094eae604f06a28f047de1fab13f61bb6e9d553660a56af7c1b7e8cea597c37ec6e147cb47ab4f8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4844 wrote to memory of 4548	4844	rundll32.exe	rundll32.exe
PID 4844 wrote to memory of 4548	4844	rundll32.exe	rundll32.exe
PID 4844 wrote to memory of 4548	4844	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05.dll,#1
2⤵
PID:4548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4548-132-0x0000000000000000-mapping.dmp

Download