8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011 | Triage

Analysis

max time kernel
188s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 00:40

Sharing

Report Analysis Logs

General

Target

8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011.dll
Size

3KB
MD5

2855444a80d93b4a970a911dae18d560
SHA1

1f4bad1ed466d4ed2d07c2bbdd16995633ac17ea
SHA256

8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011
SHA512

15f530d285b0189df069691ee6fbbb865a0fde0d51290591a9415bc1d1680a202c57bed42fb404d3c98eb807319672f3bca42d68d02a7eeaa4441fde1cb944f2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 864 wrote to memory of 1496	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1496	864	rundll32.exe	rundll32.exe
PID 864 wrote to memory of 1496	864	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011.dll,#1
2⤵
PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1496-132-0x0000000000000000-mapping.dmp

Download