658278834d517c641e7318fa578001a406cb621c6a924ba879f3965f43d34284 | Triage

Analysis

max time kernel
138s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 05:48

Sharing

Report Analysis Logs

General

Target

658278834d517c641e7318fa578001a406cb621c6a924ba879f3965f43d34284.dll
Size

4KB
MD5

a0413a2875ee06dddcf20f5f02b3f480
SHA1

d7c00307f094d1aaf666db9c2ec4f198fb49077a
SHA256

658278834d517c641e7318fa578001a406cb621c6a924ba879f3965f43d34284
SHA512

9722a6f8e302307bd859873378e6d6c443ba05254392c7df17bd452643932d83b5a7ad970680b63be82de309aa7bc1445476a618efdf03b052781f718df01c53

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 3848	4532	rundll32.exe	81
PID 4532 wrote to memory of 3848	4532	rundll32.exe	81
PID 4532 wrote to memory of 3848	4532	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\658278834d517c641e7318fa578001a406cb621c6a924ba879f3965f43d34284.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\658278834d517c641e7318fa578001a406cb621c6a924ba879f3965f43d34284.dll,#1
  2⤵
  PID:3848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads