5c1eeca485650a1c9d3fc9ba7848ad3be1f64be2776c7487f046eca22bb1fb35 | Triage

Resubmissions

09-12-2022 21:31

221209-1c8tqsed62 10

01-12-2022 19:44

221201-yf4yvaeb95 10

Analysis

max time kernel
75s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 19:44

Sharing

Report Analysis Logs

General

Target

48.dll
Size

600KB
MD5

5f2f64254193b3e46ad38110af70c191
SHA1

3c390a854b4bed296d549288e42ab9388a39b42b
SHA256

cff751c5dc8d9914b185064dd21cbbac5db7768cab5be0eab6bc2ac958559ef6
SHA512

708d894742bc1cb1c1f855771d364f4a1388aa0abdd920767330509bea6977d2e9c8efab4ba25e60ad61f6320b42840f207d7e25b68e803cc57f28809d35cd2b
SSDEEP

12288:QSUUEfo5I6/o2qgkpUdG9Msme0CWUdOWk4F:QSTiWDvLmRme0C0Wk4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 384 wrote to memory of 2556	384	rundll32.exe	rundll32.exe
PID 384 wrote to memory of 2556	384	rundll32.exe	rundll32.exe
PID 384 wrote to memory of 2556	384	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48.dll,#1
2⤵
PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2556-132-0x0000000000000000-mapping.dmp

Download