27ce9966eb38f82208ff35ccf3920158ebf91b8621f552e909118e335dde8443 | Triage

Analysis

max time kernel
185s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 00:41

Sharing

Report Analysis Logs

General

Target

27ce9966eb38f82208ff35ccf3920158ebf91b8621f552e909118e335dde8443.dll
Size

3KB
MD5

011b42a172d6f1630060a9e5c9d1fdfc
SHA1

1488dcbcce89e58bf49e134a0ce700cb8315defa
SHA256

27ce9966eb38f82208ff35ccf3920158ebf91b8621f552e909118e335dde8443
SHA512

7ccd5779a06493a590d0e0cd8ab3be7ac5c4245a5d4b70fc97938caba939197b1c1cea800e8b3b46c6eaa714becb66b6227b18fc3abed0e059a8e5999a3e905d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4088 wrote to memory of 1392	4088	rundll32.exe	rundll32.exe
PID 4088 wrote to memory of 1392	4088	rundll32.exe	rundll32.exe
PID 4088 wrote to memory of 1392	4088	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27ce9966eb38f82208ff35ccf3920158ebf91b8621f552e909118e335dde8443.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4088

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27ce9966eb38f82208ff35ccf3920158ebf91b8621f552e909118e335dde8443.dll,#1
2⤵
PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1392-132-0x0000000000000000-mapping.dmp

Download