f071b3ecc96c80963115cd6f6fce57e861fa2934d4ef5b6612f66940daba18cb | Triage

Resubmissions

09-12-2022 21:29

221209-1bvkqaed47 10

01-12-2022 21:11

221201-z1slzseg6v 10

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 21:11

Sharing

Report Analysis Logs

General

Target

1270.dll
Size

600KB
MD5

21c907826867ea3e1453ff6c773e1dce
SHA1

aa35fbe2a28c36cd76916d3d23792b5d3b35af5e
SHA256

1612e086fe01d5a31287188fe4c373e5b2f30d10bc165f8e53bab5ab6ec3d458
SHA512

dc3b35a7218f520e64e83982a791dc34b272aaafc8ef6591bd6a2b4d5947363e2188ced5825b950ef2db45eaf5f9875b07a73bb6caa37b91c162915d6e8d40d5
SSDEEP

12288:QSUUEfo5I6/o2qgkpUdh9Msme0CWUdOWk4F:QSTiWDvL1Rme0C0Wk4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2420 wrote to memory of 1000	2420	rundll32.exe	rundll32.exe
PID 2420 wrote to memory of 1000	2420	rundll32.exe	rundll32.exe
PID 2420 wrote to memory of 1000	2420	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1270.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1270.dll,#1
  2⤵
  PID:1000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1000-132-0x0000000000000000-mapping.dmp

Download