5d76008b835c001b1c8efaea67bda7591fb7bee61450b5884ef993b55696ef95 | Triage

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 08:46

Sharing

Report Analysis Logs

General

Target

5d76008b835c001b1c8efaea67bda7591fb7bee61450b5884ef993b55696ef95.dll
Size

4KB
MD5

59a0d8e3accd6184e7a5f22feedd6fa0
SHA1

f29d0fd8b2a5d8faa7531149c19ad5030603a5be
SHA256

5d76008b835c001b1c8efaea67bda7591fb7bee61450b5884ef993b55696ef95
SHA512

adea0a691d7e4c548e21becb439b3edb0e586cac4f0ed75d67a265fa89974cd99f91d975bee7bb864ddd4a132f87d7687979653069db3241a5b82f9d50c18b2d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 4960	4976	rundll32.exe	82
PID 4976 wrote to memory of 4960	4976	rundll32.exe	82
PID 4976 wrote to memory of 4960	4976	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d76008b835c001b1c8efaea67bda7591fb7bee61450b5884ef993b55696ef95.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d76008b835c001b1c8efaea67bda7591fb7bee61450b5884ef993b55696ef95.dll,#1
  2⤵
  PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads