0433c11fb2cf76012e306370c21b230e060c484b2783db5596f437c0c670812b | Triage

Analysis

max time kernel
90s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:55

Sharing

Report Analysis Logs

General

Target

0433c11fb2cf76012e306370c21b230e060c484b2783db5596f437c0c670812b.dll
Size

3KB
MD5

52b0ea5b54ea1227acb4f6f8142e3cb4
SHA1

702076ea1551c2bb7547ed0bfc674fd24dcc1e0c
SHA256

0433c11fb2cf76012e306370c21b230e060c484b2783db5596f437c0c670812b
SHA512

bc9e1fe38a7880afd5ed1b6e3c6ce04a5cbb3b759e70c6352ca830faff167f6180536bd1becae9ba7db5c6f9c8773c0d93c5ce0ee859ffb853bf3645b742c72a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4384 wrote to memory of 3392	4384	rundll32.exe	rundll32.exe
PID 4384 wrote to memory of 3392	4384	rundll32.exe	rundll32.exe
PID 4384 wrote to memory of 3392	4384	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0433c11fb2cf76012e306370c21b230e060c484b2783db5596f437c0c670812b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0433c11fb2cf76012e306370c21b230e060c484b2783db5596f437c0c670812b.dll,#1
2⤵
PID:3392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3392-132-0x0000000000000000-mapping.dmp

Download