762915615296cae0f20eef7600d053a861393c48ea17e1dde6fc32d84572fc69 | Triage

Analysis

max time kernel
90s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 04:53

Sharing

Report Analysis Logs

General

Target

762915615296cae0f20eef7600d053a861393c48ea17e1dde6fc32d84572fc69.dll
Size

4KB
MD5

1853f1f154148d19242a8ede193839f0
SHA1

6bb934102a5dfaa03ccb81f9184fa744ce10123b
SHA256

762915615296cae0f20eef7600d053a861393c48ea17e1dde6fc32d84572fc69
SHA512

b7d2b85147018079169c7ccf4e0d4c67a6ae19c2fac9ff100110f0e6d28bf812dc49a003f10927f16f8b103885d93a55cc703a7274b1b3e74aabf7a7c141c318

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 2392	1536	rundll32.exe	81
PID 1536 wrote to memory of 2392	1536	rundll32.exe	81
PID 1536 wrote to memory of 2392	1536	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\762915615296cae0f20eef7600d053a861393c48ea17e1dde6fc32d84572fc69.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\762915615296cae0f20eef7600d053a861393c48ea17e1dde6fc32d84572fc69.dll,#1
  2⤵
  PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads