57716a9fad815dffdfe0af74d66a36545ce6e9a47f7c54738d116d65ee768136 | Triage

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 04:58

Sharing

Report Analysis Logs

General

Target

57716a9fad815dffdfe0af74d66a36545ce6e9a47f7c54738d116d65ee768136.dll
Size

3KB
MD5

c253a971f41fef3519ce99e161b214b0
SHA1

802c50cad35871e0b59406dbfd13fd22433287d7
SHA256

57716a9fad815dffdfe0af74d66a36545ce6e9a47f7c54738d116d65ee768136
SHA512

6ecf7a29f0985d76c8b16186d2ad091236b34474e4cc7948df557d89026c545d849fe7599571dc02989d3f124d1c6aa1fe1d47ddfde1ea686f1667b60feebf75

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 748	848	rundll32.exe	82
PID 848 wrote to memory of 748	848	rundll32.exe	82
PID 848 wrote to memory of 748	848	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57716a9fad815dffdfe0af74d66a36545ce6e9a47f7c54738d116d65ee768136.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57716a9fad815dffdfe0af74d66a36545ce6e9a47f7c54738d116d65ee768136.dll,#1
  2⤵
  PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/748-132-0x0000000000000000-mapping.dmp

Download