4f98c7b55c0918fdc5d94e30986e869b7994b9c7911ecdb31dca0c384f4a7f49 | Triage

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 05:21

Sharing

Report Analysis Logs

General

Target

4f98c7b55c0918fdc5d94e30986e869b7994b9c7911ecdb31dca0c384f4a7f49.dll
Size

3KB
MD5

c7cd28a00ce1d185418de9e29d0f68f0
SHA1

f4d74e19a4c193b686f2968892e2bdbca30fa124
SHA256

4f98c7b55c0918fdc5d94e30986e869b7994b9c7911ecdb31dca0c384f4a7f49
SHA512

3a6f5e03fbf7ee1ad513f8cc0a6b71c22158f72703a15d0648a82980f52d07813854479cf22235828ec09cdfc88aebd2254c4e484459acf6f3e4ecd7b9dc15dd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 2112	5044	rundll32.exe	81
PID 5044 wrote to memory of 2112	5044	rundll32.exe	81
PID 5044 wrote to memory of 2112	5044	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f98c7b55c0918fdc5d94e30986e869b7994b9c7911ecdb31dca0c384f4a7f49.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f98c7b55c0918fdc5d94e30986e869b7994b9c7911ecdb31dca0c384f4a7f49.dll,#1
  2⤵
  PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads