584808a96dc676f4e42062351e3b1bd4a0662a615ae1709ebf099d21155c7487 | Triage

Analysis

max time kernel
153s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 15:09

Sharing

Report Analysis Logs

General

Target

584808a96dc676f4e42062351e3b1bd4a0662a615ae1709ebf099d21155c7487.dll
Size

3KB
MD5

a5a08079b38d2cc3f0a0b73e10d4efb0
SHA1

d447288043c1a3a882eee31b5b5326c4c3271f41
SHA256

584808a96dc676f4e42062351e3b1bd4a0662a615ae1709ebf099d21155c7487
SHA512

4fb6c840fcf4d3cb3cef7a05a69ead7019715b6dc894f7545bfa177db0a6e674064936febbc06222cac7cb4a68172305e2539a85d2bfe9fe52d75a6f3c4e2262

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 208	2132	rundll32.exe	83
PID 2132 wrote to memory of 208	2132	rundll32.exe	83
PID 2132 wrote to memory of 208	2132	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\584808a96dc676f4e42062351e3b1bd4a0662a615ae1709ebf099d21155c7487.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\584808a96dc676f4e42062351e3b1bd4a0662a615ae1709ebf099d21155c7487.dll,#1
  2⤵
  PID:208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads