056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9 | Triage

Analysis

max time kernel
157s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 19:03

Sharing

Report Analysis Logs

General

Target

056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9.dll
Size

3KB
MD5

352787f7b6f26d277dba2757a95dddf3
SHA1

20e9ac1f440e7e3f290d7607add5ad227a9d6075
SHA256

056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9
SHA512

ee91d8a7e960a117d9852a5901233e417eb87dd28096912afdf9553d7069e829bcb3f5fa3e0673edeaf6e316e355f1d9775f5bfb71d656e707b37ca11a7221df

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3680 wrote to memory of 3208	3680	rundll32.exe	rundll32.exe
PID 3680 wrote to memory of 3208	3680	rundll32.exe	rundll32.exe
PID 3680 wrote to memory of 3208	3680	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9.dll,#1
2⤵
PID:3208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3208-132-0x0000000000000000-mapping.dmp

Download