1099338fddc7f04f9986b601b3f2635084a0b5a02b91fce5f6104f80c3e76fc9 | Triage

Analysis

max time kernel
173s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 05:18

Sharing

Report Analysis Logs

General

Target

1099338fddc7f04f9986b601b3f2635084a0b5a02b91fce5f6104f80c3e76fc9.dll
Size

3KB
MD5

8fdedabe64eb0cb6c442ae5551960bb0
SHA1

603a60ef783fe4bfbd7eb1c5778f69db2a27683b
SHA256

1099338fddc7f04f9986b601b3f2635084a0b5a02b91fce5f6104f80c3e76fc9
SHA512

869e59c6abbe9da1d6ccaf0eccf89a71fbf0b4a652954aaa44c4364756ef4ae46db266358d2accce6dc403276297bb5531631bd515e25047c9ae028d742a5947

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 400	2124	rundll32.exe	79
PID 2124 wrote to memory of 400	2124	rundll32.exe	79
PID 2124 wrote to memory of 400	2124	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1099338fddc7f04f9986b601b3f2635084a0b5a02b91fce5f6104f80c3e76fc9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1099338fddc7f04f9986b601b3f2635084a0b5a02b91fce5f6104f80c3e76fc9.dll,#1
  2⤵
  PID:400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads