5f38c8263d65c04eceaf0451314f00cf40f93252e0e1db3393450563a20e581f | Triage

Analysis

max time kernel
169s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 15:09

Sharing

Report Analysis Logs

General

Target

5f38c8263d65c04eceaf0451314f00cf40f93252e0e1db3393450563a20e581f.dll
Size

3KB
MD5

91b8ebb8364e34a76c3dab0136aa2e66
SHA1

2119b8b7aadad37c8a653a13cef3748b5810fc6f
SHA256

5f38c8263d65c04eceaf0451314f00cf40f93252e0e1db3393450563a20e581f
SHA512

f0e3d605798df60b76039515c5b3e5a0d42a02f7453000e8c1272df7b9afd9cb64bcbb0abb8f9a2a6f3336b2e1f3ab920e79d93f6e5b23659071e72761b3f1ab

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 3880	4708	rundll32.exe	79
PID 4708 wrote to memory of 3880	4708	rundll32.exe	79
PID 4708 wrote to memory of 3880	4708	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f38c8263d65c04eceaf0451314f00cf40f93252e0e1db3393450563a20e581f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f38c8263d65c04eceaf0451314f00cf40f93252e0e1db3393450563a20e581f.dll,#1
  2⤵
  PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads