8079798391ccb2afa987614390436c6918f15b2056aab80ef5aa8b03c530aa3f | Triage

Analysis

max time kernel
150s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 15:08

Sharing

Report Analysis Logs

General

Target

8079798391ccb2afa987614390436c6918f15b2056aab80ef5aa8b03c530aa3f.dll
Size

3KB
MD5

c6bb5f347204f1abafc9d41f6b0b7477
SHA1

1921478208317a5dc108b0cb16a8f9aad97e6ac7
SHA256

8079798391ccb2afa987614390436c6918f15b2056aab80ef5aa8b03c530aa3f
SHA512

7080d557645f844dbf80dd8ac7a9798120080ef0cea4ae71002d09fa609ea2d3648e2f20d42f86edeb63760703c89292fc54a5b990942ceeb1d58acda664243f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 5048	1544	rundll32.exe	77
PID 1544 wrote to memory of 5048	1544	rundll32.exe	77
PID 1544 wrote to memory of 5048	1544	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8079798391ccb2afa987614390436c6918f15b2056aab80ef5aa8b03c530aa3f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8079798391ccb2afa987614390436c6918f15b2056aab80ef5aa8b03c530aa3f.dll,#1
  2⤵
  PID:5048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads