d52482df38eb5394b6d97c214ec89db80247c06b9b71339cbba82d281eb29f88 | Triage

Analysis

max time kernel
510s
max time network
515s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 21:45

Sharing

Report Analysis Logs

General

Target

472.dll
Size

600KB
MD5

7ea355b017f86ad9177e55bd6c6695ae
SHA1

473312f3a537509174e56b9ca6fc92ee9fd812c3
SHA256

00288eb24055a00a40d394f018de7857c9cb02d5e7af245792e837856e124416
SHA512

c75396103b90f2ed4f5ebf7e88749c8e5c507bc0803b9a938b5560ef28a6448caf397ff7b2fdaac1220f1972036771178715f0c107af222c4ad349d28d19a9ef
SSDEEP

12288:QSUUEfo5I6/o2qgkpUdE9Msme0CWUdOWk4F:QSTiWDvLoRme0C0Wk4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 544 wrote to memory of 4188	544	rundll32.exe	rundll32.exe
PID 544 wrote to memory of 4188	544	rundll32.exe	rundll32.exe
PID 544 wrote to memory of 4188	544	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\472.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\472.dll,#1
  2⤵
  PID:4188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4188-132-0x0000000000000000-mapping.dmp

Download