fa6c52c8ddd440d5147beb4e00a0b7fa8d7470e8190ed493a452dfc9c34f0cce | Triage

Analysis

max time kernel
288s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 05:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fa6c52c8ddd440d5147beb4e00a0b7fa8d7470e8190ed493a452dfc9c34f0cce.dll
Size

3KB
MD5

bea1032ce6dac185d74380eea58bd2d0
SHA1

9a37c1ae0ecf3dc8a1be8835e460bf18dcefc977
SHA256

fa6c52c8ddd440d5147beb4e00a0b7fa8d7470e8190ed493a452dfc9c34f0cce
SHA512

db6d56a0ff052dbf2892981291aff3e52a170dcbd772e0ac835d5fdc0d7c5c1bc8f6abb2d17eb052b951659db5ad90787dbd4ec0c775cefd4c65009c07de2f90

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3076 wrote to memory of 260	3076	rundll32.exe	79
PID 3076 wrote to memory of 260	3076	rundll32.exe	79
PID 3076 wrote to memory of 260	3076	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa6c52c8ddd440d5147beb4e00a0b7fa8d7470e8190ed493a452dfc9c34f0cce.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa6c52c8ddd440d5147beb4e00a0b7fa8d7470e8190ed493a452dfc9c34f0cce.dll,#1
  2⤵
  PID:260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads