d22e94da6ab672efd5793ed4265cadebb3be679fc300f4f2ff2a709cffbe61d8 | Triage

Analysis

max time kernel
220s
max time network
333s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 21:43

Sharing

Report Analysis Logs

General

Target

d22e94da6ab672efd5793ed4265cadebb3be679fc300f4f2ff2a709cffbe61d8.dll
Size

3KB
MD5

f7219dba9f47761fcf3bdc740e72b35a
SHA1

64c424d43caf9d0189ab3f5ca41a16455fff1b15
SHA256

d22e94da6ab672efd5793ed4265cadebb3be679fc300f4f2ff2a709cffbe61d8
SHA512

f2d84353ccc176b2a7cf0d76eb00d399ed42051cfafbe505fdc7b9e8645a3523b530b8a953dea380044d760d2f6087d1bdb5b599732fcee195dffb5e9a90df28

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 864	2400	rundll32.exe	80
PID 2400 wrote to memory of 864	2400	rundll32.exe	80
PID 2400 wrote to memory of 864	2400	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d22e94da6ab672efd5793ed4265cadebb3be679fc300f4f2ff2a709cffbe61d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d22e94da6ab672efd5793ed4265cadebb3be679fc300f4f2ff2a709cffbe61d8.dll,#1
  2⤵
  PID:864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads