2de39012d3b248554ef8bc7f93122f97a265fb50ae86c1b56ad41793ad1b2f2b | Triage

Analysis

max time kernel
289s
max time network
309s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 04:20

Sharing

Report Analysis Logs

General

Target

2de39012d3b248554ef8bc7f93122f97a265fb50ae86c1b56ad41793ad1b2f2b.dll
Size

3KB
MD5

cb68ba73911e8d33483b3df2cbb20fb0
SHA1

23d0748e07c6606f45a6313031ccf2e3f36779b7
SHA256

2de39012d3b248554ef8bc7f93122f97a265fb50ae86c1b56ad41793ad1b2f2b
SHA512

6b06520f03075019d38fd14c627bc135845ee1a0018d6e646902bb96251e58d3176c4819d25b1e36eb2dbcc2878c75579c0a964d90351b1c3dde5c0eb8a627cd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 3808	3444	rundll32.exe	80
PID 3444 wrote to memory of 3808	3444	rundll32.exe	80
PID 3444 wrote to memory of 3808	3444	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2de39012d3b248554ef8bc7f93122f97a265fb50ae86c1b56ad41793ad1b2f2b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2de39012d3b248554ef8bc7f93122f97a265fb50ae86c1b56ad41793ad1b2f2b.dll,#1
  2⤵
  PID:3808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads