bbe5902da8d8a50ccb1e3b5afa16c001efece321d1e7e7daa350cea44a7cf5cb | Triage

Analysis

max time kernel
153s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 04:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bbe5902da8d8a50ccb1e3b5afa16c001efece321d1e7e7daa350cea44a7cf5cb.dll
Size

4KB
MD5

8ab71c18e7aec61ce98d31199d429cd0
SHA1

7b2b67a7851438299bc573101f778b9bc5e99fe2
SHA256

bbe5902da8d8a50ccb1e3b5afa16c001efece321d1e7e7daa350cea44a7cf5cb
SHA512

db29eaec7ff716d5416c438d9dacf7edc96107cd25c0d666ec72fdff5548c74a2797052c7d27e1a987d9f44df5cb785ae9397cf598528b37d4d535bc5d3f378d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 2252	4752	rundll32.exe	78
PID 4752 wrote to memory of 2252	4752	rundll32.exe	78
PID 4752 wrote to memory of 2252	4752	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbe5902da8d8a50ccb1e3b5afa16c001efece321d1e7e7daa350cea44a7cf5cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbe5902da8d8a50ccb1e3b5afa16c001efece321d1e7e7daa350cea44a7cf5cb.dll,#1
  2⤵
  PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads