d00507564757cbf36eb7edb12fc2a782c044d0b447403a71634a6a526c7268fc | Triage

Analysis

max time kernel
145s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 12:56

Sharing

Report Analysis Logs

General

Target

Login/WzMss.dll
Size

172KB
MD5

f0c0781ec46ce9973e628c1e724eaec8
SHA1

31ae01938deefdbb28be75c3a69c0b1cef535728
SHA256

61cd79c5d4b2caddf2a9d3b54046c02704226861510fb1ff4d0f010afc6179c1
SHA512

e02f73784c0d8bb3cb9092db87d474dd0e277d44597284c1ccf49483af1b26153fb5cb7c05bdf495f31e71c1cedd0559a04e2fe02a1056bb1e97e704d444f552
SSDEEP

3072:tBPm5XqJGtCiP9pGvKQWVLY5cZGhZUoIDqVKdPQA+Rl3/DAs:zPm5GGtz9WUIUoIuVK2z/DA

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4112 wrote to memory of 3088	4112	rundll32.exe	rundll32.exe
PID 4112 wrote to memory of 3088	4112	rundll32.exe	rundll32.exe
PID 4112 wrote to memory of 3088	4112	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Login\WzMss.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Login\WzMss.dll,#1
2⤵
PID:3088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3088-132-0x0000000000000000-mapping.dmp

Download