0f052403aa25c09f5c1973b03b9345c506124645dae936c88a5d444c02c163a5 | Triage

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 15:13

Sharing

Report Analysis Logs

General

Target

0f052403aa25c09f5c1973b03b9345c506124645dae936c88a5d444c02c163a5.dll
Size

3KB
MD5

d94e3d7650951509a5b831901d3bb6e0
SHA1

b7f0feba617c38b655fa87b7cd92949e31728179
SHA256

0f052403aa25c09f5c1973b03b9345c506124645dae936c88a5d444c02c163a5
SHA512

d42831cf8b1f19e8f95774073412fecde24a52db543dd0c46661c93b7123ef25e3e29859a87ff5f7e4d1a0f617aed55b24f9fbd7bec489a1693e8f886a4a47d4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 4828	1220	rundll32.exe	80
PID 1220 wrote to memory of 4828	1220	rundll32.exe	80
PID 1220 wrote to memory of 4828	1220	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f052403aa25c09f5c1973b03b9345c506124645dae936c88a5d444c02c163a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f052403aa25c09f5c1973b03b9345c506124645dae936c88a5d444c02c163a5.dll,#1
  2⤵
  PID:4828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads