e978a81d86cd3abf8fee892b109bed56f426329c7ff4060ac585e75e35a001c2 | Triage

Analysis

max time kernel
154s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 15:05

Sharing

Report Analysis Logs

General

Target

e978a81d86cd3abf8fee892b109bed56f426329c7ff4060ac585e75e35a001c2.dll
Size

3KB
MD5

52ec147c82e0362603d0a1c8285585ed
SHA1

6fa7bc18e145ad6dee09b03df8cd983fcda9c70a
SHA256

e978a81d86cd3abf8fee892b109bed56f426329c7ff4060ac585e75e35a001c2
SHA512

eb8a59e03bdcad552f89ed0b0af1af8833150f2c96086d33d57e939b76d97712545a251702d13d6cde7aa91f71cde1a11a2e8dbc70663678569586d929b0f0bf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 4136	5020	rundll32.exe	82
PID 5020 wrote to memory of 4136	5020	rundll32.exe	82
PID 5020 wrote to memory of 4136	5020	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e978a81d86cd3abf8fee892b109bed56f426329c7ff4060ac585e75e35a001c2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e978a81d86cd3abf8fee892b109bed56f426329c7ff4060ac585e75e35a001c2.dll,#1
  2⤵
  PID:4136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads