a373452608d49300e8f1edc1d69d4d1e4140185316fddcc0ba6459a78092b742 | Triage

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 05:43

Sharing

Report Analysis Logs

General

Target

a373452608d49300e8f1edc1d69d4d1e4140185316fddcc0ba6459a78092b742.dll
Size

4KB
MD5

aaa180d8ad2a63fe23b30e8b16580df0
SHA1

b006b488a52cfd0f4111ca8be85c579c0cf328c0
SHA256

a373452608d49300e8f1edc1d69d4d1e4140185316fddcc0ba6459a78092b742
SHA512

cd70bed6e5ebe50a7b65bf9ed58434e3572c592d0c6e8d3761f81635164fe6520812438f365ce42d55187effe4cbedc86059ce5a905eb88338066ee1d50641a8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 4144	4556	rundll32.exe	84
PID 4556 wrote to memory of 4144	4556	rundll32.exe	84
PID 4556 wrote to memory of 4144	4556	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a373452608d49300e8f1edc1d69d4d1e4140185316fddcc0ba6459a78092b742.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a373452608d49300e8f1edc1d69d4d1e4140185316fddcc0ba6459a78092b742.dll,#1
  2⤵
  PID:4144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads