0de4b0c3a0742e9acf8701d9961481448dffb2f06f8ebe624127a01d3fb68c98 | Triage

Analysis

max time kernel
139s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 07:00

Sharing

Report Analysis Logs

General

Target

N°Compro234453 - Cópia.dll
Size

370KB
MD5

1e6d6071946da98b3f5bd148d7ca36d7
SHA1

ff09fd00fd38d7b900af42625db7e7a26074e362
SHA256

d741b28e4e9683e95365ce0736c515d98c7ad71e69f8c6177f474924f66ed2b1
SHA512

ef410316cd9bc9344fafae6b5056335a72bf093236d1f088a59bed1f6578ab0c266e4d97b72e628f6bccca4338c54aca0d0f272df9e383f73ebd9e070503297d
SSDEEP

6144:aVttzrdznktf4hguPURdlc0SqDr1b+wSsPR+shLP6KWl:qt3dznktfirQ/1b7+ILPL8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 1336	1316	rundll32.exe	84
PID 1316 wrote to memory of 1336	1316	rundll32.exe	84
PID 1316 wrote to memory of 1336	1316	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\N°Compro234453 - Cópia.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\N°Compro234453 - Cópia.dll",#1
  2⤵
  PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-132-0x0000000000000000-mapping.dmp

Download