80f4e0eabe939c239d33003c046215b036fe872255f477be0489890094125ddd | Triage

Analysis

max time kernel
153s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 02:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

80f4e0eabe939c239d33003c046215b036fe872255f477be0489890094125ddd.dll
Size

4KB
MD5

4159ea3b1e7b0b620836e799c8e9ad10
SHA1

c6a60cb30df04c138d35e0b2c4c7ccd261f63e2c
SHA256

80f4e0eabe939c239d33003c046215b036fe872255f477be0489890094125ddd
SHA512

b958867f432deb658d9cce3948454d4d051e3fc0018dcf0e2c7617b9c005eaf721ff0606d396c8528abb321dc11b861f760aed0c436fd90797009d746c403feb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 3092	1664	rundll32.exe	81
PID 1664 wrote to memory of 3092	1664	rundll32.exe	81
PID 1664 wrote to memory of 3092	1664	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80f4e0eabe939c239d33003c046215b036fe872255f477be0489890094125ddd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\80f4e0eabe939c239d33003c046215b036fe872255f477be0489890094125ddd.dll,#1
  2⤵
  PID:3092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads